CVE-2024-5962

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...

CVE-2024-5962

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...

CVE-2021-38709

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staffmessaging messaging system for XSS...

CVE-2021-35956

Stored cross-site scripting XSS in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email from/to/cc, System Name, and System Location fields...

CVE-2021-33848

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP requests and perform unauthorized actions such as stealing internal information and performing actions...

CVE-2021-31792

XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...

CVE-2021-3012

A cross-site scripting XSS vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...

CVE-2021-29387

Multiple stored cross-site scripting XSS vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add Item , Employee and Position or others in the Name Parameters...

CVE-2021-29030

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI...

CVE-2021-29033

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/editgroup.php URI...

CVE-2021-29028

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/useractivity.php URI...

CVE-2021-29026

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI...

CVE-2021-29029

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/editpersonalpage.php URI...

CVE-2021-29009

A cross-site scripting XSS issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter...

CVE-2021-29027

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI...

CVE-2021-29008

A cross-site scripting XSS issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "totime" parameter...

CVE-2021-29031

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/usersimport.php URI...

CVE-2021-28417

A cross-site scripting XSS issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "searchname" parameter...

CVE-2024-5962

CVE-2024-5962 is a reflected XSS in the authentication endpoint of multiple WSO2 products (e.g., WSO2 API Manager and WSO2 Identity Server) caused by missing output encoding of user input. The vulnerability can lead to arbitrary JavaScript execution in the authentication flow, potentially modifyi...

CVE-2024-5962 Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...