CVE-2023-6720
CVE-2023-6720 describes a stored XSS in Repox due to insufficient sanitisation of field elements, allowing an attacker to store a JavaScript payload on the server and trigger it when the application loads. The vulnerability affects Repox (version details not specified in the provided documents). ...
CVE-2023-6719 Cross-site Scripting in Repox
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...
PT-2023-36079 · Repox · Repox
Name of the Vulnerable Software and Affected Versions: Repox (affected versions not specified)
Description: A security issue has been identified that allows an attacker to compromise interactions between a user and the vulnerable application. This can be exploited by sending a specially crafted...
PT-2023-7758 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: PAN-OS (affected versions not specified)
Description: A cross-site scripting (XSS) issue in the PAN-OS software allows a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. When viewed by a...
CVE-2023-6419
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
CVE-2023-6420
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
CVE-2023-6027
A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled...
Cross site scripting
A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled...
Design/Logic Flaw
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...
Design/Logic Flaw
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
CVE-2023-6423 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/eventsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...
CVE-2023-6420
Voovi Social Networking Script 1.0 is affected by a cross-site scripting (XSS) vulnerability in signup2.php via the emailadd parameter. The root cause is inadequate input handling for emailadd, allowing a remote attacker to inject JavaScript that could partially take over an authenticated user’s ...
CVE-2023-6420 Cross-site Scripting vulnerability in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
CVE-2023-6419 Cross-site Scripting vulnerability in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the...
CVE-2023-6359 Cross-Site Scripting in Alumne LMS
A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the...
PT-2023-7322 · Unknown · Alumne Lms
Name of the Vulnerable Software and Affected Versions: Alumne LMS version 4.0.0.1.08
Description: A Cross-Site Scripting (XSS) issue has been found in Alumne LMS, where an attacker could exploit the localidad parameter to inject a custom JavaScript payload. This could allow the attacker to partiall...
CVE-2023-4594
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmindll.htm file...