682 matches found
CVE-2023-44826
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script...
CVE-2023-44826
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script...
CVE-2023-44827
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function...
Nature Easy Soft Network Technology ZenTao Command Injection Vulnerability
Nature Easy Soft Network Technology ZenTao is China's easy soft Tianchuang network technology Nature Easy Soft Network Technology company's open source project management software. The software includes product management, project management, quality management and document management and other...
GHSA-MR4W-7VM9-CGQX Zenario CMS Cross-site Scripting vulnerability
A Cross-Site Scripting XSS vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias...
ConcreteCMS Cross-site Scripting vulnerability
A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings...
ConcreteCMS Cross-site Scripting vulnerability
A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings...
CVE-2023-44766
A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to...
CVE-2023-44762
A Cross Site Scripting XSS vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags...
CVE-2023-44762
A Cross Site Scripting XSS vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags...
Cross site scripting
A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...
CVE-2023-44762
A Cross Site Scripting XSS vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags...
CVE-2023-44770
A Cross-Site Scripting XSS vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias...
CVE-2023-43343
OpenSolution Quick CMS v6.7 is affected by an XSS vulnerability in the Pages Menu component through the Files - Description parameter, enabling a local attacker to execute arbitrary code via crafted script. Public details indicate no confirmed fix/version with patch; some sources suggest restrict...
An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.
...
The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation, related to writing beyond buffer boundaries in memory, allows a perpetrator to execute arbitrary code.
The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation lies in the writing beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created SPP file...
CVE-2023-44011
An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component...
CVE-2023-44011
An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component...
CVE-2023-44011
An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component...
CVE-2023-41446
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component...