682 matches found
CVE-2023-46055
An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint...
Cross site scripting
Cross Site Scripting XSS vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the websitefooter parameter in the admin/settings/save.php component...
Code injection
An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint...
CVE-2023-46055
An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint...
CVE-2023-46055
An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint...
CVE-2023-46054
Cross Site Scripting XSS vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the websitefooter parameter in the admin/settings/save.php component...
CVE-2023-43354
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component...
CVE-2023-43346
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component...
CVE-2023-43346
The CVE-2023-43346 issue affects opensolution Quick CMS v6.7. A cross-site scripting (XSS) flaw in the Languages Menu component allows a local attacker to execute arbitrary code through a crafted script sent to the Backend - Dashboard parameter. Documents consistently describe this as a local XSS...
CVE-2023-43344
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component...
CVE-2023-43342
CVE-2023-43342 affects OpenSolution Quick CMS v6.7. The vulnerability is a Cross-site Scripting (XSS) flaw in the Languages Menu component that can allow a local attacker to execute arbitrary code via a crafted script. Documented impact per CVSS: Network attack vector, low privilege required, use...
CVE-2023-43345
OpenSolution Quick CMS 6.7 is affected by a stored XSS in the Pages Menu component, triggered by crafting the Content - Name parameter. The vulnerability allows a local attacker to execute arbitrary code via the injected script, with impact on confidentiality, integrity, and availability as per t...
CVE-2023-43344
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component...
Code injection
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...
CVE-2023-45542
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function...
Cross site scripting
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function...
CVE-2023-45540
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...
CVE-2023-45540
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...
CVE-2023-45542
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function...
CVE-2023-44827
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function...