893 matches found

OSV
added 2024/02/14 6:15 p.m. | 7 views

CVE-2024-0007

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator...

4.8 CVSS | 5.7 AI score | 0.00395 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/02/14 5:32 p.m. | 20 views

CVE-2024-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator...

6.8 CVSS | 5.5 AI score | 0.00395 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/02/14 12:0 a.m. | 5 views

Palo Alto Networks PAN-OS Security Vulnerability

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS. An attacker could exploit the vulnerability to store a JavaScript payload using the web interface on the Panorama device...

6.8 CVSS | 6.7 AI score | 0.00395 EPSS
Exploits: 0 | References: 3

NVD
added 2024/02/06 3:15 p.m. | 9 views

CVE-2024-24594

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...

9.9 CVSS | 8.4 AI score | 0.00594 EPSS
Exploits: 1 | References: 1

Prion
added 2024/02/06 3:15 p.m. | 18 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...

4.9 CVSS | 6 AI score | 0.00594 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2024/02/06 2:42 p.m. | 13 views

CVE-2024-24594

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...

9.9 CVSS | 5.9 AI score | 0.00594 EPSS
Exploits: 1 | References: 1

Cvelist
added 2024/02/06 2:42 p.m. | 18 views

CVE-2024-24594

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...

9.9 CVSS | 8.4 AI score | 0.00594 EPSS
Exploits: 1 | References: 1

CNNVD
added 2024/02/06 12:0 a.m. | 4 views

Westermo Lynx 206-F2G Cross-Site Scripting Vulnerability

The Westermo Lynx 206-F2G is a Layer 3 industrial Ethernet switch from Westermo, Sweden, powered by the Westermo WeOS network operating system. A security vulnerability exists in the Westermo Lynx 206-F2G. An attacker can exploit this vulnerability to introduce arbitrary JavaScript by injecting a...

5.4 CVSS | 6.2 AI score | 0.00294 EPSS
Exploits: 0 | References: 2

Exploit DB
added 2024/02/05 12:0 a.m. | 473 views

WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

Exploit Title: WhatsUpGold 22.1.0 - Stored Cross-Site Scripting (XSS) Date: April 18, 2023 Exploit Author: Andreas Finstad (4ndr34z) Vendor Homepage: https://www.whatsupgold.com Version: v.22.1.0 Build 39 Tested on: Windows 2022 Server CVE : CVE-2023-35759 Reference:...

6.1 CVSS | 6.3 AI score | 0.01898 EPSS
Exploits: 3

NVD
added 2024/01/25 12:15 p.m. | 26 views

CVE-2023-6282

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

6.1 CVSS | 5.5 AI score | 0.00309 EPSS
Exploits: 0 | References: 1

Prion
added 2024/01/25 12:15 p.m. | 17 views

Cross site scripting

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

5.8 CVSS | 6 AI score | 0.00309 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/01/25 11:37 a.m. | 11 views

CVE-2023-6282 Cross-Site Scripting vulnerability in IceHrm

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

5.4 CVSS | 5.9 AI score | 0.00309 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/01/25 11:37 a.m. | 33 views

CVE-2023-6282 Cross-Site Scripting vulnerability in IceHrm

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

5.4 CVSS | 6.1 AI score | 0.00309 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/01/23 10:49 p.m. | 4 views

CVE-2023-47115 Label Studio XSS Vulnerability on Avatar Upload

Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...

7.1 CVSS | 5.6 AI score | 0.01448 EPSS
Exploits: 1 | References: 5

OSV
added 2024/01/16 4:15 p.m. | 2 views

CVE-2022-2413

The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is...

5.4 CVSS | 5.8 AI score | 0.0053 EPSS
Exploits: 2 | References: 1

NVD
added 2024/01/16 4:15 p.m. | 31 views

CVE-2022-2413

The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is...

5.4 CVSS | 5.4 AI score | 0.0053 EPSS
Exploits: 2 | References: 1

Prion
added 2024/01/16 4:15 p.m. | 18 views

Design/Logic Flaw

The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is...

4.9 CVSS | 6.8 AI score | 0.0053 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

NVD
added 2024/01/16 11:15 a.m. | 13 views

CVE-2024-0554

A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diagsirlearn.asp', allowing the attacker to retrieve the session details of another user...

5.5 CVSS | 5.2 AI score | 0.00293 EPSS
Exploits: 0 | References: 1

Prion
added 2024/01/16 11:15 a.m. | 20 views

Cross site scripting

A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diagsirlearn.asp', allowing the attacker to retrieve the session details of another user...

4.9 CVSS | 6 AI score | 0.00293 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/01/16 10:8 a.m. | 21 views

CVE-2024-0554 Cross-site scripting (XSS) vulnerability on WIC1200

A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diagsirlearn.asp', allowing the attacker to retrieve the session details of another user...

5.5 CVSS | 5.5 AI score | 0.00293 EPSS
Exploits: 0 | References: 1