178 matches found
PT-2025-1476 · Unknown · Selesta Visual Access Manager
The software that is vulnerable is Selesta Visual Access Manager, specifically versions less than 4.42.2. The vulnerability is a Cross Site Scripting XSS vulnerability that can be exploited via the /common/autocomplete.php file. This vulnerability has been assigned the CVE identifier...
CVE-2024-56363 APTRS has SSTI vulnerability
APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the toHTMLEx method. An attacker can execute arbitrary JavaScript code by injecting malicious input. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a...
CVE-2024-51209
Cross-Site Scripting XSS vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page...
CVE-2024-11212
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetchproductdetails.php. The manipulation of the argument barcode leads to sql injection. The attack may...
Cross-site Scripting
Overview org.webjars.bowergithub.jasny:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary...
CVE-2024-28984 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface...
CVE-2024-6046
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Employee Task Management System SQL注入漏洞
Employee Task Management System is an Employee Task Management System developed by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Employee Task Management System v1.0, which is vulnerable to SQL injection via admin-manage-user.php...
CVE-2024-0038
In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Input validation
In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PT-2024-15313 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a missing permission check in the injectInputEventToInputFilter function of AccessibilityManagerService.java. This could lead to arbitrary input event injection,...
PT-2023-31806 · Brainstorm Force · Wp Remote Site Search
Name of the Vulnerable Software and Affected Versions: Brainstorm Force WP Remote Site Search versions 1.0.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that...
DEBIAN-CVE-2023-1523
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others...
Foodiee Online Food Ordering Web Application 1.0.0 Cross Site Scripting
==================================================================================================================================== | Title : Foodiee - Online Food Ordering Web Application V1.0.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozil...
ScanCode.io command injection in docker image fetch process
Command Injection in docker fetch process Summary A possible command injection in the docker fetch process as it allows to append malicious commands in the dockerreference parameter. Details In the function scanpipe/pipes/fetch.py:fetchdockerimage1 the parameter dockerreference is user...
golang: html/template: improper sanitization of CSS values
A flaw was found in golang where angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if...
CVE-2023-31868
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...
CVE-2023-30743 Improper Neutralization of Input in SAPUI5
Due to improper neutralization of input in SAPUI5 - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by th...
CVE-2023-1616
CVE-2023-1616 affects XiaoBingBy TeaCMS up to version 2.0.2, specifically the Article Title Handler component. The issue is a cross-site scripting vulnerability triggered by manipulating input such as , with remote exploitability. The public exploit is noted, and multiple sources confirm the vuln...