893 matches found
Design/Logic Flaw
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...
Cross site scripting
A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled...
Design/Logic Flaw
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
CVE-2023-6423 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/eventsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...
CVE-2023-6420
Voovi Social Networking Script 1.0 is affected by a cross-site scripting (XSS) vulnerability in signup2.php via the emailadd parameter. The root cause is inadequate input handling for emailadd, allowing a remote attacker to inject JavaScript that could partially take over an authenticated user’s ...
CVE-2023-6420 Cross-site Scripting vulnerability in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
CVE-2023-6420 Cross-site Scripting vulnerability in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
CVE-2023-6419 Cross-site Scripting vulnerability in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
Cross site scripting
A Cross-Site Scripting XSS vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the...
CVE-2023-6359 Cross-Site Scripting in Alumne LMS
A Cross-Site Scripting XSS vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the...
PT-2023-7322 · Unknown · Alumne Lms
Name of the Vulnerable Software and Affected Versions: Alumne LMS version 4.0.0.1.08 Description: A Cross-Site Scripting XSS issue has been found in Alumne LMS, where an attacker could exploit the localidad parameter to inject a custom JavaScript payload. This could allow the attacker to partiall...
CVE-2023-4594
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmindll.htm file...
Cross site scripting
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmindll.htm file...
TikTok: RXSS via region parameter
A cross-site scripting vulnerability was discovered in a TikTok endpoint. User-supplied data in the 'region' parameter was reflected without appropriate escaping, allowing JavaScript injection...
PT-2023-8655 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS affected versions not specified Description: A cross-site scripting XSS issue in the web interface of Palo Alto Networks PAN-OS software allows a malicious authenticated read-write administrator to store a JavaScript...
CVE-2023-4592
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...
Cross site scripting
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...
CVE-2023-4592 Improper Neutralization of Input During Web Page Generation in WPN-XM Serverstack
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...
CVE-2023-4592 Improper Neutralization of Input During Web Page Generation in WPN-XM Serverstack
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...
WPN-XM Serverstack Cross-Site Scripting Vulnerability
WPN-XM Serverstack is a server stack from the WPN-XM organization for developing PHP on Windows. A cross-site scripting vulnerability exists in WPN-XM Serverstack version 0.8.6, which stems from the presence of a cross-site scripting vulnerability that could allow a remote attacker to send a...