7613 matches found
Notimoo 跨站脚本漏洞
Notimoo is a method for web developers to display notifications to users. PaquitoSoftware Notimoo suffers from a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary web script or HTML via a carefully crafted header or message in a notification...
CVE-2022-25305
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the /includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...
CVE-2022-24374
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows ...
CVE-2022-24435
Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2022-24435
Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2022-24435
Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2022-24374
Summary: CVE-2022-24374 describes a cross-site scripting (XSS) vulnerability in a-blog CMS. The connected Red Hat advisory for CVE-2022-23916 confirms the same underlying issue across multiple branches and provides concrete fixed versions. Affected platforms/versions: a-blog CMS Ver. 2.8.x < 2...
Cisco Prime Infrastructure and Cisco EPN Manager跨站脚本漏洞
Cisco Prime Infrastructure is an application from Cisco, Inc. A cross-site scripting vulnerability exists in Cisco Prime Infrastructure and Cisco EPN Manager, which could be exploited by an attacker to execute arbitrary script code or access sensitive browser-based information in the context of t...
CVE-2022-20659 Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network EPN Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This...
Multiple vulnerabilities in phpUploader
Overview phpUploader provided by Dojin Club MICMNIS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24435 SQL Injection CWE-89 - CVE-2022-23986 Toyama Taku reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters...
CVE-2022-24227
A cross-site scripting XSS vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters...
PluXml 安全漏洞
PluXml is a free and open source content management system that does not require a database to work. PluXml suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML...
CVE-2022-21805
Reflected cross-site scripting vulnerability in the attached file name of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2022-22146
Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2022-22146
Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2022-22142
Reflected cross-site scripting vulnerability in the checkbox of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20877
Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series...
CVE-2022-21241
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag...