5082 matches found

Prion
added 2023/12/07 7:15 a.m. · 16 views

Cross site scripting

A Cross Site Scripting XSS vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php...

5.8 CVSS · 6.1 AI score · 0.00615 EPSS
Exploits 3 · References 1 · Affected Software 1

OSV
added 2023/12/07 6:15 a.m. · 3 views

CVE-2023-48172

A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...

5.4 CVSS · 5.8 AI score · 0.00721 EPSS
Exploits 3 · References 3

NVD
added 2023/12/07 6:15 a.m. · 18 views

CVE-2023-48172

A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...

5.4 CVSS · 0.00721 EPSS
Exploits 3 · References 3

Prion
added 2023/12/07 6:15 a.m. · 20 views

Cross site scripting

A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...

4.9 CVSS · 6.1 AI score · 0.00721 EPSS
Exploits 3 · References 3 · Affected Software 1

Vulnrichment
added 2023/12/07 12:0 a.m. · 11 views

CVE-2023-48206

A Cross Site Scripting XSS vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php...

5.9 AI score · 0.00615 EPSS
Exploits 3 · References 1

Vulnrichment
added 2023/12/07 12:0 a.m. · 9 views

CVE-2023-48208

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...

6.5 AI score · 0.00499 EPSS
Exploits 2 · References 1

CVE
added 2023/12/07 12:0 a.m. · 36 views

CVE-2023-48208

CVE-2023-48208 concerns PHPJabbers Availability Booking Calendar v5.0. A stored Cross Site Scripting vulnerability exists in index.php that allows injecting JavaScript via the following parameters: name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name. This is the concre...

6.1 CVSS · 6.2 AI score · 0.00499 EPSS
Exploits 2 · References 1 · Affected Software 1

CNNVD
added 2023/12/07 12:0 a.m. · 4 views

Availability Booking Calendar Cross-Site Scripting Vulnerability

PHPJabbers Availability Booking Calendar is a booking system. A cross-site scripting vulnerability exists in Availability Booking Calendar version 5.0, which originates from a vulnerability that allows an attacker to inject JavaScript into index.php...

6.1 CVSS · 6.1 AI score · 0.00499 EPSS
Exploits 2 · References 2

Cvelist
added 2023/12/07 12:0 a.m. · 24 views

CVE-2023-48208

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...

6.4 AI score · 0.00499 EPSS
Exploits 2 · References 1

Cvelist
added 2023/12/07 12:0 a.m. · 28 views

CVE-2023-48172

A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...

5.4 AI score · 0.00721 EPSS
Exploits 3 · References 3

ATTACKERKB
added 2023/12/06 1:15 a.m. · 1 views

CVE-2023-28875

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...

5.4 CVSS · 6 AI score · 0.00425 EPSS
Exploits 1 · References 3

CVE
added 2023/12/06 12:0 a.m. · 41 views

CVE-2023-28875

CVE-2023-28875 concerns a stored XSS in FileRun’s shared files download terms, specifically affecting Filerun Update 20220202. The vulnerability is triggered when a user follows a crafted share link, allowing injected JavaScript code execution in the victim’s browser. Connected sources identify t...

5.4 CVSS · 5.2 AI score · 0.00425 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2023/12/06 12:0 a.m. · 30 views

CVE-2023-28875

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...

5.4 AI score · 0.00425 EPSS
Exploits 1 · References 2

Veracode
added 2023/12/04 10:17 a.m. · 10 views

Cross-site Scripting (XSS)

dpaste is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to improper lexer validation in views.py, which allows an attacker to inject and execute malicious JavaScript into the browser, resulting in XSS...

8.3 CVSS · 6.5 AI score · 0.00517 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/12/01 12:0 a.m. · 4 views

PT-2023-28212 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7
Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...

5.4 CVSS · 5.4 AI score · 0.00415 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2023/11/28 1:15 p.m. · 4 views

CVE-2023-48042

Cross Site Scripting XSS in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code...

6.1 CVSS · 5.9 AI score · 0.00494 EPSS
Exploits 0 · References 4

OSV
added 2023/11/28 1:15 p.m. · 1 views

CVE-2023-48042

Cross Site Scripting XSS in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code...

6.1 CVSS · 5.9 AI score · 0.00494 EPSS
Exploits 0 · References 2

CNNVD
added 2023/11/28 12:0 a.m. · 2 views

Alumne LMS Cross-Site Scripting Vulnerability

Alumne LMS is an e-learning platform from Alumne LMS, Inc. A cross-site scripting vulnerability exists in Alumne LMS version 4.0.0.1.08, which stems from a lack of proper cleanup in the localidad field on the /users/editmy page, and can be exploited by an attacker to inject a custom JavaScript lo...

6.1 CVSS · 6.1 AI score · 0.00388 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/11/28 12:0 a.m. · 2 views

PT-2023-30677 · Prestashop · Prestashop Amazzing Filter

Name of the Vulnerable Software and Affected Versions: Prestashop Amazzing filter versions up to 3.2.5
Description: The issue allows remote attackers to inject arbitrary JavaScript code due to a Cross Site Scripting XSS vulnerability in the Search filters of Prestashop Amazzing filter...

6.1 CVSS · 6 AI score · 0.00494 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2023/11/28 12:0 a.m. · 41 views

Rocky Linux 8 : nodejs:20 (RLSA-2023:7205)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7205 advisory. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return ...

9.8 CVSS · 7.3 AI score · 0.99999 EPSS
Exploits 19 · References 13