CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

EUVD-2023-35381

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

CVE-2023-31044

Summary: CVE-2023-31044 affects Nokia Impact prior to Mobile 23_FP1. In Impact DM 19.11 and later, a remote authenticated user can exploit the Add Campaign function to inject a malicious payload within the Campaign Name. When exported to CSV, those payloads may execute via spreadsheet software, e...

Nokia Impact Mobile 安全漏洞

Nokia Impact Mobile is a mobile network device management and automation platform developed by Finnish company Nokia. Previous versions of Nokia Impact Mobile, including 23FP1, contained security vulnerabilities. These vulnerabilities stemmed from the Campaign Name parameter in the Add Campaign...

PT-2026-22762

An issue was discovered in Nokia Impact before Mobile 23 FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that ma...

CVE-2025-14961

A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation of the argument campaignname results in sql injection. The attack can be executed remotely. The exploit is now publ...

Revive Adserver: Stored-XSS in campaign name displayed in Banners modal

Description: A low-privilege authenticated user can create or edit advertiser/campaign names containing HTML/JavaScript. Those values are stored in the application and later rendered without proper HTML escaping in the admin Inventory → Banners advertiser/campaign picker. When an administrator...

CVE-2024-13735

The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name. This makes it possible...

PT-2025-6604 · WordPress · Hurrytimer

Name of the Vulnerable Software and Affected Versions: HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin versions up to, and including, 2.11.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...

WordPress HurryTimer plugin <= 2.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Name vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Campaign Name vulnerability discovered by zer0gh0st in WordPress Plugin HurryTimer versions = 2.11.2...

Cross-Site Scripting (XSS)

microweber/microweber is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the campaign Name Internal Name field in the Add new campaign function, allowing a remote attacker to execute arbitrary code...

GHSA-J4V9-CM37-H7C2 Microweber Cross-site Scripting vulnerability

Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name Internal Name field in the Add new campaign function...

Microweber Cross-site Scripting vulnerability

Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name Internal Name field in the Add new campaign function...

CVE-2024-33297

Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name Internal Name field in the Add new campaign function...

CVE-2024-33297

Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name Internal Name field in the Add new campaign function...