5085 matches found
CVE-2023-45222
An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter...
Cross site scripting
An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration...
Cross site scripting
An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter...
Cross site scripting
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter...
Westermo Lynx 206-F2G Cross-Site Scripting Vulnerability
The Westermo Lynx 206-F2G is a Layer 3 industrial Ethernet switch from Westermo, Sweden, powered by the Westermo WeOS network operating system. A security vulnerability exists in the Westermo Lynx 206-F2G. An attacker can exploit this vulnerability to introduce arbitrary JavaScript by injecting a...
CVE-2024-0660
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the updatesettings function. This...
CVE-2024-0660 Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the updatesettings function. This...
Cross Site Scripting (XSS)
antisamy is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper parsing of HTML when the preserveComments directive is enabled in the policy file. This issue can be exploited by an attacker to inject malicious JavaScript via comment tags...
Cross site scripting
A reflected cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page...
GHSA-RV8P-RR2H-FGPG @apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
Impact The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this...
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
Impact The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this...
GHSA-997G-27X8-43RF react-query-streamed-hydration Cross-site Scripting vulnerability
Impact The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper...
react-query-streamed-hydration Cross-site Scripting vulnerability
Impact The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper...
CVE-2023-5124
The CVE-2023-5124 issue affects Page Layer (Pagelayer) Page Builder for WordPress up to version 1.7.9. The vulnerability allows an attacker with Author+/Administrator privileges to inject malicious JavaScript into a post’s header/footer code, even when unfiltered_html is disallowed (notably in mu...
WordPress plugin Page Builder: Pagelayer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...
PHPJ Callback Widget 1.0 Cross Site Scripting
Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking Author: nu11secur1ty Date: 01/26/2024 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/callback-widget/ Reference: https://portswigger.net/web-security/cross-site-scripting Description: The Callback Requests functi...
RHCOS 4 : OpenShift Container Platform 4.13.5 (RHSA-2023:4093)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4093 advisory. - kube-apiserver: PrivEsc CVE-2023-1260 - openshift: OCP & FIPS mode CVE-2023-3089 - golang: net/http, net/textproto: denial of...
CVE-2023-45889
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
CVE-2023-45889
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
Cross site scripting
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...