881 matches found
Cross site scripting
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmindll.htm file...
TikTok: RXSS via region parameter
A cross-site scripting vulnerability was discovered in a TikTok endpoint. User-supplied data in the 'region' parameter was reflected without appropriate escaping, allowing JavaScript injection...
PT-2023-8655 · Palo Alto Networks · PAN-OS
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS (affected versions not specified). Description: A cross-site scripting (XSS) issue in the web interface of Palo Alto Networks PAN-OS software allows a malicious authenticated read-write administrator to store a JavaScript...
CVE-2023-4592
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...
Cross site scripting
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...
CVE-2023-4592 Improper Neutralization of Input During Web Page Generation in WPN-XM Serverstack
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...
WPN-XM Serverstack Cross-Site Scripting Vulnerability
WPN-XM Serverstack is a server stack from the WPN-XM organization for developing PHP on Windows. A cross-site scripting vulnerability exists in WPN-XM Serverstack version 0.8.6, which stems from the presence of a cross-site scripting vulnerability that could allow a remote attacker to send a...
CVE-2022-35950
CVE-2022-35950 affects OroCommerce. In 4.1.0–4.1.13, 4.2.0–4.2.10, 5.0.0–5.0.10, and 5.1.0–5.1.0 (up to 5.1.1), a JavaScript payload added to the product name may execute at the storefront when a user adds a note to a shopping-list line item containing a vulnerable product. An attacker who can ed...
CVE-2023-4493
Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the usersadmin.ghp file that affects multiple parameters such as firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip. This vulnerability allows a...
Cross site scripting
Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the usersadmin.ghp file that affects multiple parameters such as firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip. This vulnerability allows a...
CVE-2023-4493 Easy Address Book Web Server Stored XSS vulnerability
Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the usersadmin.ghp file that affects multiple parameters such as firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip. This vulnerability allows a...
CVE-2023-4492 Easy Address Book Web Server XSS vulnerability
Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to...
CVE-2023-4564
This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...
Design/Logic Flaw
This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel...
CVE-2023-4564 Multiple vulnerabilities in Canopsis of Capensis
This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...
CVE-2023-4564
CVE-2023-4564 affects Canopsis (Capensis) with a stored cross-site scripting (XSS) flaw in the admin panel that allows an attacker to store a malicious JavaScript payload via the broadcast message parameter. The Red Hat, NVD, OSV, and related records consistently describe a stored XSS in the broa...
CVE-2023-3196 Multiple vulnerabilities in Canopsis of Capensis
This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel...