7210 matches found
CVE-2023-44276
OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard...
CVE-2023-41446
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component...
CVE-2023-41447
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component...
Cross site scripting
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component...
Cross site scripting
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component...
CVE-2023-44276
OPNsense before 23.7.5 is vulnerable to XSS via the index.php?sequence parameter in the Lobby Dashboard. Root cause: insufficient input handling for the sequence parameter in that endpoint. Impact: cross-site scripting may affect users viewing the Lobby Dashboard. Mitigation: upgrade to version 2...
CVE-2023-41446
CVE-2023-41446 affects phpkobo AjaxNewTicker version 1.0.5. The vulnerability is a Cross Site Scripting flaw in the index.php component, exploitable via a crafted script in the title parameter to trigger arbitrary code execution. The NVD/CVE entry rates it as CVSS v3.1 Base Score 6.1 (Medium) wit...
CVE-2023-44275
OPNsense
CVE-2023-41453
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component...
CVE-2023-41451
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...
CVE-2023-41448
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component...
CVE-2023-41452
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...
CVE-2023-41445
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component...
Cross site scripting
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component...
Cross site request forgery (CSRF)
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...
CVE-2023-44043
A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter...
CVE-2023-5221
ForU CMS contains a code injection vulnerability in /install/index.php via manipulation of the db_name argument. The issue allows remote code execution and has been publicly disclosed. Impact is tied to confidentiality, integrity, and availability at HIGH/CRITICAL levels per CVE-2023-5221, with m...