CVE-2022-4286
A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the user's browser session...
CVE-2022-4286 Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime
A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the user's browser session...
CVE-2023-21434
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page...
CVE-2023-21434
Samsung Galaxy Store for Android versions prior to 4.5.49.8 is affected by CVE-2023-21434 due to improper input validation. The issue relates to how the app limits domains that can be launched in a WebView, potentially allowing a local attacker to bypass the URL filter and navigate to a domain un...
CVE-2023-21434
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page...
A vulnerability in the firmware of Moxa SDS-3008 Ethernet switches stems from insufficient protection of the web page structure, allowing attackers to execute arbitrary JavaScript code.
A vulnerability in the firmware of Moxa SDS-3008 Ethernet switches is related to insufficient protection of the web page structure when processing the Switch Description field in the Switch Information section. Exploiting this vulnerability allows an attacker to execute...
A vulnerability in the firmware of Moxa SDS-3008 Ethernet switches stems from insufficient protection of the web page structure, allowing attackers to execute arbitrary JavaScript code.
A vulnerability in the firmware of Moxa SDS-3008 Ethernet switches is related to insufficient protection of the web page structure when processing the Switch Location field in the Switch Information section. Exploiting this vulnerability allows an attacker to...
Design/Logic Flaw
Zulip is an open-source team collaboration tool. In versions of Zulip prior to commit 2f6c5a8 but after commit 04cf68b, users could upload files with arbitrary Content-Type which would be served from the Zulip hostname with Content-Disposition: inline and no Content-Security-Policy header, allowin...
CVE-2022-41312
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability. Form fiel...
CVE-2022-41313
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability. Form fiel...
Cross site scripting
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability. Form fiel...
Cross site scripting
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability. Form fiel...
CVE-2022-41313
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability. Form fiel...
CVE-2022-41311
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability. Form fiel...
CVE-2022-41312
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability. Form fiel...
CVE-2022-41313
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability. Form fiel...
Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to improper sanitization of user inputs in the originalUrl parameter, which allows an attacker to inject and execute arbitrary JavaScript...
PT-2023-18677 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip versions prior to commit 2f6c5a8 but after commit 04cf68b Description: Zulip is an open-source team collaboration tool. In affected versions, users could upload files with arbitrary Content-Type which would be served from the Zulip...
Zulip security vulnerability
Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip that stems from the ability to upload a file with an arbitrary Content-Type, whi...
Moxa SDS-3008 cross-site scripting vulnerability (CNVD-2023-58304)
Moxa SDS-3008 is a series of industrial switches from MOXA China. The Moxa SDS-3008 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to send a specially crafted HTTP request resulting in arbitrary JavaScript execution...