DEBIAN-CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

Design/Logic Flaw

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

UBUNTU-CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

Information disclosure

XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included...

Cross site scripting

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting XSS vulnerability via the adin/importModels Import Records Model field model parameter. This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's...

PT-2023-15602

Name of the Vulnerable Software and Affected Versions X2CRM Open Source Sales CRM versions 6.6 through 6.9 Description A reflected cross-site scripting XSS issue was discovered in X2CRM Open Source Sales CRM. This issue allows attackers to create malicious JavaScript that will be executed by the...

CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

CVE-2023-26123

Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting XSS such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscriptenrunscript...

raylib 跨站脚本漏洞

raylib is an easy-to-use library for raysan5 personal developers to enjoy video game programming. A security vulnerability exists in raysan5 raylib versions prior to 4.5.0, which stems from a failure of the SetClipboardText API to properly escape characters, which can be exploited by an attacker ...

CVE-2023-24464

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...

CVE-2023-24464

CVE-2023-24464 is a stored cross-site scripting vulnerability in Buffalo network devices (BS-GS2008/2016/2024/2048 and their “P” variants; firmware 1.0.10.01 and earlier). The underlying issue is a stored XSS in the web management console that allows an attacker with access to the management UI t...

CVE-2023-0157

The All-In-One Security AIOS WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...

Shopify: Reflected XSS on help.shopify.com

A reflected cross-site scripting vulnerability was present in the returnTo parameter on help.shopify.com that allowed javascript code execution if specific steps were followed...

Uptime Kuma 1.19.6 Cross Site Scripting

Exploit Title: Stored XSS in uptime-kuma ""alert"XSS" If anyone loads the page, the javascript inside the script tag will be executed...

CVE-2020-36692

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA...

PT-2023-2880 · Sophos · Sophos Web Appliance

Name of the Vulnerable Software and Affected Versions: Sophos Web Appliance versions older than 4.3.10.4 Description: A reflected XSS via POST vulnerability in the report scheduler allows execution of JavaScript code in the victim's browser via a malicious form that must be manually submitted by...

CVE-2023-27489

Kiwi TCMS (open source test management) has a CVE-2023-27489 stored XSS via SVG file upload. The vulnerability arises because uploaded SVGs could contain JavaScript that executes when viewed in contexts that do not render in an HTML page. The issue is mitigated by a CSP header that blocks inline ...