CVE-2023-43705

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "translationvalue1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...

SHIRASAGI Cross-Site Scripting Vulnerability

SHIRASAGI is a content management system CMS for the Japanese Shirasagi project. A security vulnerability exists in SHIRASAGI versions prior to v1.18.0. An attacker can exploit the vulnerability to execute arbitrary script on a web browser...

Apache JSPWiki 跨站脚本漏洞

Apache JSPWiki is an open source WikiWiki engine built on Java, Servlet and JSP from the Apache Apache Foundation. Apache JSPWiki has a security vulnerability that stems from the fact that a carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability that an attacker could...

GHSA-RM24-25XM-9454 Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution

An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window...

Organizr 代码问题漏洞

Organizr is a tab management system. Designed to be a one-stop store for server front ends, Organizr versions prior to 2.1.1810 have a file upload vulnerability that stems from the lack of valid validation of uploaded files by the application, which can be exploited by attackers to upload .svg...

showdoc 跨站脚本漏洞

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability that stems from the lack of effective detection of .aspx file extensions in the application's file upload functionality. An attacker could use this...

Cross-site Scripting (XSS) - Stored in osticket/osticket

Description As it is written on github profile, osTicket is a widely-used open source support ticket system. During source code research I discovered bad uploaded file type check, which is controlled by user. Unauthenticated user can upload malicious html/js file. FROM OWASP:: Cross-Site Scriptin...

VMware vRealize Log Insight 跨站脚本漏洞

Vmware VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A cross-site scripting vulnerability exists in VMware vRealize Log Insight that stems from insufficient cleansing of user-supplied data...

Vulnerability fixed in Cacti

Vulnerabilities have been fixed in Cacti. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. Not every vulnerability h...

PHP Factory MailForm01 跨站脚本漏洞

php factory MailForm01 is a free PHP mail form program from PHP Factory Japan that can be easily installed with just one file. A security vulnerability exists in MailForm01 versions prior to 2021-05-20, which stems from insufficient harmless handling of user-supplied data. An attacker can exploit...

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 OS command injection CWE-78 - CVE-2021-20682 Improper Neutralization of JavaScript input in the...

Vulnerabilities fixed in F5 BIG-IQ

F5 has fixed vulnerabilities in BIG-IQ. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application being visited. In addition, a malicious...

Vulnerabilities fixed in MISP

Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to bypass a security measure and perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers of MIS...

GraphQL Playground Cross-Site Scripting Vulnerability

GraphQL Playground is a graphical, interactive, in-browser GraphQL IDE Integrated Development Environment based on GraphiQL from Prisma Labs, Germany. A cross-site scripting vulnerability exists in GraphQL Playground graphql-playground-html NPM package. A remote attacker can exploit this...

Sales Force Assistant vulnerable to cross-site scripting

Overview Sales Force Assistant provided by NI Consulting CO.,Ltd. contains a cross-site scripting vulnerability CWE-79. Masanobu Miyagi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2020-26662)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon 'E-mail'. An attacker can exploit the vulnerability ...

CVE-2018-1000154

Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page CWE-80 vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser...