CVE-2023-38876

A reflected cross-site scripting XSS vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'...

CVE-2023-42656

In Progress MOVEit Transfer versions released before 2021.1.8 13.1.8, 2022.0.8 14.0.8, 2022.1.9 14.1.9, 2023.0.6 15.0.6, a reflected cross-site scripting XSS vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer...

Head Start Cross-Site Scripting Vulnerability

Head Start is a web-based knowledge mapping software open-sourced by Open Knowledge Maps. Designed to give researchers a head start on literature reviews hence the name. A security vulnerability exists in Open Knowledge Maps Head Start, Visual Project Explorer version 1.0. An attacker exploited t...

The vulnerability of the graphical interface of FortiOS operating systems and the proxy server used for protecting against Internet attacks, FortiProxy, arises from the lack of measures taken to protect the structure of web pages. This allows attackers to execute arbitrary JavaScript code.

The vulnerability of the graphical interface of FortiOS operating systems and the proxy server used for protecting against Internet attacks FortiProxy exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute...

CVE-2023-40617

A reflected cross-site scripting XSS vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'...

Cross site scripting

An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated...

CVE-2023-29305

Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...

Cross Site Scripting (XSS)

matrix-media-repo is vulnerable to a Cross Site Scripting XSS. The vulnerability is due to a lack of content-type validation, which allows an attacker to upload a SVG image containing JavaScript leading to the execution of JavaScript in the user’s browser...

SUSE CVE-2023-40397

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution...

CVE-2023-40624 Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)

SAP NetWeaver AS ABAP applications based on Unified Rendering - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of...

CVE-2023-3612

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...

CVE-2023-42471

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...

PT-2023-28361 · Unknown · Wave.Ai.Browser

Name of the Vulnerable Software and Affected Versions: wave.ai.browser application through 1.0.35 for Android Description: The issue allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the...

PT-2023-28360 · Imou Life · Imou Life

Name of the Vulnerable Software and Affected Versions: Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android Description: The issue allows Remote Code Execution via a crafted intent to an exported component, specifically relating to the com.mm.android.easy4ip.MainActivity...

Wave Browser Code Injection Vulnerability

Wave Browser is a browser. A security vulnerability exists in Wave Browser version 1.0.35 and earlier versions. An attacker can exploit the vulnerability to execute arbitrary JavaScript code...

Govee Home Security Breach

Govee Home is a software application. Govee Home contains a security vulnerability that stems from the fact that the WebView component can be opened by any application on the device, and by sending the URL to a specially crafted website, an attacker can execute JavaScript in the WebView context o...

matrix-media-repo Cross-Site Scripting Vulnerability

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A cross-site scripting vulnerability exists in matrix-media-repo versions prior to 1.3.0, which originates from a vulnerability that allows an attacker to upload an SVG image containing JavaScript script to a serv...

The vulnerability of the Iframe Dialog and Media Embed functions in CKEditor’s WYSIWYG editor allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the Iframe Dialog and Media Embed functions in the CKEditor WYSIWYG editor is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

DEBIAN-CVE-2023-40397

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution...

Apple macOS Ventura Security Vulnerability

Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.5, which originates from a remote attacker who may be able to cause arbitrary JavaScript code execution...