682 matches found
GHSA-C7XM-RWQJ-PGCJ LimeSurvey Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields...
CVE-2020-24061
Cross Site Scripting (XSS) vulnerability in the Firewall menu in the Control Panel in KASDA KW5515 version 4.3.1.0 allows attackers to execute arbitrary code and steal cookies via a crafted script...
SUSE CVE-2021-21156
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script...
CVE-2024-44819
Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component...
PT-2024-30149 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save playlist" in Kashipara Music Management System. This allows attackers to execute arbitrary code via...
CVE-2024-42678
Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component...
PT-2024-30103 · Unknown · Super Easy Enterprise Management System
Name of the Vulnerable Software and Affected Versions: Super easy enterprise management system versions 1.0.0 and earlier Description: The issue allows a local attacker to execute arbitrary code via a crafted script to the "/WebSet/DlgGridSet.html" component. This enables the attacker to perform...
CVE-2024-40482
An Unrestricted file upload vulnerability was found in "/Membership/editmember.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2024-28739
Koha ILS 23.05 and earlier is described in multiple sources as vulnerable to remote code execution via a crafted script to the format parameter. The vulnerability affects Koha ILS versions up to and including 23.05. Concrete exploit details beyond the high-level description (e.g., exact payloads ...
CVE-2024-28739
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter...
VulnCheck KEV: CVE-2018-0824
Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script...
CVE-2024-24257
An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component...
GHSA-9XHH-3M78-GVGJ CSLA Directory Traversal vulnerability
Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. Fixes for this issue have been backported to the 5.x, 6.x, and 7.x branches of CSLA. CSLA version 5.5.4 contains a fix. A...
CVE-2024-28698
CVE-2024-28698 describes a Directory Traversal vulnerability in the Marimer LLC CSLA .Net framework prior to 8.0, enabling remote code execution via crafted scripts passed to the MobileFormatter component. Multiple sources corroborate that lack of validation of directory traversal sequences in Mo...
GO-2024-2920 Denial of service vulnerability via the parseDirectives function in github.com/vektah/gqlparser
An issue in vektah gqlparser open-source-library allows a remote attacker to cause a denial of service via a crafted script to the parseDirectives function...
CVE-2024-37678
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script...
CVE-2024-37679
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter...