5085 matches found
CVE-2023-48521 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2023-48440 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2023-48548 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2023-48504
CVE-2023-48504 affects Adobe Experience Manager (AEM) versions 6.5.18 and earlier with a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The underlying issue allows a low-privileged attacker to inject malicious scripts, which may execute in a victim’s browser when visit...
CVE-2023-48523 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
PT-2023-9344 · Unknown · Tinode Chat
Name of the Vulnerable Software and Affected Versions: Tinode Chat affected versions not specified Description: The issue is related to the lack of protection of the web page structure in Tinode Chat, allowing a remote attacker to conduct cross-site scripting attacks by injecting specially crafte...
PT-2023-29889 · Ibm · Ibm Sterling Secure Proxy
Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.3 through 6.1.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trust...
CVE-2023-42476
SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that th...
CVE-2023-42476
SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that th...
CVE-2023-42476 Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence
SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that th...
CVE-2023-42476
SAP Business Objects Web Intelligence 420 is affected by an authenticated JavaScript injection (XSS) vulnerability in Web Intelligence documents. The issue allows an attacker to inject code that runs in a user’s browser when the vulnerable page is visited, potentially exposing data from reporting...
Siemens Opcenter Quality 跨站脚本漏洞
Opcenter Quality is a quality management system QMS that enables organizations to safeguard compliance, optimize quality, reduce the cost of defects and rework, and achieve operational excellence by improving process stability. simatic pcs neo is a distributed control system DCS. the SINUMERIK...
Cross Site Scripting
mediawiki/semantic-media-wiki is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization of input. This issue can be exploited by an attacker via injecting malicious JavaScript...
PT-2023-28362 · Sap · Sap Business Objects Web Intelligence
Name of the Vulnerable Software and Affected Versions: SAP Business Objects Web Intelligence version 420 Description: The issue allows an authenticated attacker to inject JavaScript code into Web Intelligence documents, which is then executed in the victim's browser each time the vulnerable page ...
CVE-2023-28873
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor...
Cross site scripting
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor...
CVE-2023-28873
The CVE-2023-28873 entry concerns Seafile 9.0.6 with an XSS flaw in wiki and discussion pages that permits injecting JavaScript into the Markdown editor. The connected PT-Security advisory confirms the affected software and describes the vulnerability as an XSS vector in the Markdown editor, with...
PT-2023-22023 · Seafile · Seafile
Name of the Vulnerable Software and Affected Versions: Seafile version 9.0.6 Description: An issue allows attackers to inject JavaScript into the Markdown editor in wiki and discussion pages. This is achieved through an XSS issue, which enables the execution of malicious scripts. Recommendations:...
CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...
CVE-2023-48206
A Cross Site Scripting XSS vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php...