CVE-2023-6422
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking use...
Design/Logic Flaw
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoicesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
Design/Logic Flaw
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medicalrecordsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacki...
CVE-2023-6431
BigProf Online Invoicing System 2.6 contains a persistent XSS flaw due to insufficient encoding of user-controlled input in the FirstRecord parameter of /inventory/categories_view.php. This could allow storing JavaScript payloads that execute when the page loads. Documented in CVE-2023-6431 and c...
PT-2023-32664 · Unknown · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the BigProf Online Invoicing System, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the...
PT-2023-32655
Name of the Vulnerable Software and Affected Versions: BigProf Online Clinic Management System version 2.2 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the "/clinic/medical records...
PT-2023-32653 · Unknown · Bigprof Online Clinic Management System
Name of the Vulnerable Software and Affected Versions: BigProf Online Clinic Management System version 2.2 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the /clinic/events view.php...
PT-2023-32659 · Unknown · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the "/invoicing/app/clients view.php"...
CVE-2023-33986
SAP CRM ABAP Grantor Management - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the applicatio...
CVE-2023-33985
SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information...
CVE-2023-33991
SAP UI5 Variant Management - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacke...
CVE-2023-33991 Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management
SAP UI5 Variant Management - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacke...
PT-2023-3745 · Sap · Sap Crm Abap
Name of the Vulnerable Software and Affected Versions: SAP CRM ABAP Grantor Management versions 700 through 714 Description: The issue arises from insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by a remote...
PT-2023-3743 · Sap · Sap Netweaver Enterprise Portal
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Enterprise Portal version 7.50 Description: The issue arises from insufficient encoding of user-controlled inputs over the network, resulting in a reflected Cross-Site Scripting (XSS) issue. This allows an attacker to view or modi...
RockMongo 1.1.7 - Stored Cross-Site Scripting Vulnerability
Exploit Title: RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS) Discovery by: Rafael Pedrero Vendor Homepage: https://github.com/iwind/rockmongo/ Software Link: https://github.com/iwind/rockmongo/ Tested Version: 1.1.7 Tested on: Windows 7 and 10 Vulnerability Type: Stored Cross-Site Scripting...
CVE-2023-29188
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)...
PT-2023-2940 · Sap · Sap Crm Webclient Ui
Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions SAPSCORE 129, S4FND 102 through S4FND 107, WEBCUIF 701 through WEBCUIF 801 Description: The SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue...
PT-2023-22946 · Sap · Sap Crm +1
Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions S4FND 102 through S4FND 107, WEBCUIF 700 through WEBCUIF 801 Description: The issue arises from insufficient encoding of user-controlled inputs, leading to a stored Cross-Site Scripting (XSS) vulnerability. An...
CVE-2023-27499 Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML
SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure...