CVE-2023-31457

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...

CVE-2023-30097

A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field...

CVE-2023-30095

A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field...

CVE-2023-28651

Cross-site scripting vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is...

CVE-2023-27776

A stored cross-site scripting XSS vulnerability in /index.php?page=categorylist of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter...

CVE-2023-27208

A cross-site scripting XSS vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter...

CVE-2023-27211

A cross-site scripting XSS vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter...

CVE-2023-27206

A cross-site scripting XSS vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter...

CVE-2023-27008

A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

CVE-2023-27054

A cross-site scripting XSS vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module...

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

CVE-2023-26846

A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...

CVE-2023-24369

A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...

CVE-2023-24322

A reflected cross-site scripting XSS vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters...

CVE-2023-30405

A cross-site scripting XSS vulnerability in Aigital Wireless-N Repeater MiniRouter v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wlssid parameter at /boafrm/formHomeWlanSetup...

CVE-2023-34439

Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser...

CVE-2023-33750

A stored cross-site scripting XSS vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd...

CVE-2023-33751

A stored cross-site scripting XSS vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php...

CVE-2023-3332

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacke...

CVE-2023-29522

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki...