5082 matches found

Positive Technologies
added 2023/11/27 12:0 a.m. · 4 views

PT-2023-30449 · Pachno · Pachno

Name of the Vulnerable Software and Affected Versions: Pachno version 1.0.6. Description: A vulnerability has been identified that allows an authenticated attacker to execute a cross-site scripting (XSS) attack. The issue exists due to inadequate input validation in the Project Description and...

5.4 CVSS · 5.4 AI score · 0.00475 EPSS
Exploits 0 · References 4

CNNVD
added 2023/11/23 12:0 a.m. · 2 views

Artica Pandora FMS Cross-Site Scripting Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS versions 700 through 773, which is caused due to imprope...

8.4 CVSS · 6 AI score · 0.00452 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/11/22 4:15 p.m. · 3 views

CVE-2023-2438

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

6.1 CVSS · 6.8 AI score · 0.00165 EPSS
Exploits 0 · References 3

OSV
added 2023/11/22 4:15 p.m. · 4 views

CVE-2023-2438

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

6.1 CVSS · 5.7 AI score
Exploits 0 · References 2

Prion
added 2023/11/22 4:15 p.m. · 15 views

Cross site request forgery (csrf)

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

5.8 CVSS · 6.6 AI score · 0.00165 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/11/22 3:33 p.m. · 28 views

CVE-2023-2438 UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

6.1 CVSS · 6.1 AI score · 0.00165 EPSS
Exploits 0 · References 2

Veracode
added 2023/11/22 7:29 a.m. · 17 views

Cross Site Scripting (XSS)

Statamic CMS is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper MIME validation when uploading files. This could allow an attacker to inject JavaScript via upload image file feature...

7.5 CVSS · 7 AI score · 0.007 EPSS
Exploits 0 · References 5 · Affected Software 1

Veracode
added 2023/11/21 6:33 a.m. · 18 views

Cross Site Scripting (XSS)

OpenCRX is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization and validation via the Activity Milestone Name Field. This can be exploited by the attacker to inject malicious JavaScript into the application...

6.1 CVSS · 6.5 AI score · 0.00463 EPSS
Exploits 1 · References 2 · Affected Software 1

Veracode
added 2023/11/21 6:23 a.m. · 10 views

Cross Site Scripting (XSS)

OpenCRX is vulnerable to Cross Site Scripting. The vulnerability is due to improper input sanitization and validation via the Activity Search Criteria Activity Number. This can be exploited by the attacker to inject malicious JavaScript into the application...

6.1 CVSS · 6.8 AI score · 0.00463 EPSS
Exploits 1 · References 2 · Affected Software 1

Veracode
added 2023/11/20 11:12 a.m. · 11 views

Cross-Site-Scripting (XSS)

librenms is vulnerable to Cross-Site-Scripting (XSS). The vulnerability arises due to improper validation of device group names in DeviceGroupController.php. An attacker can inject arbitrary JavaScript through the device group field, resulting in XSS...

6.3 CVSS · 7 AI score · 0.00562 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2023/11/15 12:0 a.m. · 2 views

Schneider Electric EcoStruxure Power Monitoring Expert Cross-Site Scripting Vulnerability

The Schneider Electric EcoStruxure Power Monitoring Expert is a device from Schneider Electric France for power distribution monitoring in IoT environments. A security vulnerability exists in the Schneider Electric EcoStruxure Power Monitoring Expert that stems from a cross-site scripting...

6.1 CVSS · 6.1 AI score · 0.00406 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/11/14 12:0 a.m. · 3 views

PT-2023-7000 · Siemens · Simatic Pcs Neo

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions prior to V4.1 Description: The issue is related to a stored cross-site scripting vulnerability in the Administration Console of SIMATIC PCS neo. This vulnerability could allow an attacker with high privileges to injec...

5.4 CVSS · 5.1 AI score · 0.00388 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/11/13 12:0 a.m. · 4 views

PT-2023-26387 · Ibm · Ibm Cics Tx Advanced

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Advanced version 10.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

6.1 CVSS · 6.1 AI score · 0.00451 EPSS
Exploits 0 · References 3

Cvelist
added 2023/11/07 11:1 a.m. · 23 views

CVE-2023-5532 ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting via imgmap_save_area_title

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmap_save_area_title' function. This makes it possible for unauthenticated attackers to update the post title and...

6.1 CVSS · 6.1 AI score · 0.00214 EPSS
Exploits 0 · References 2

Veracode
added 2023/11/03 7:38 a.m. · 11 views

Cross Site Scripting

Reportico is vulnerable to Cross Site Scripting. The vulnerability is due to improper input sanitization in the project report title. The attacker can exploit this issue by injecting malicious JavaScript in the title field...

4.8 CVSS · 6.9 AI score · 0.00373 EPSS
Exploits 1 · References 2 · Affected Software 1

Prion
added 2023/11/03 5:15 a.m. · 15 views

Cross site scripting

Ragic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack...

4.9 CVSS · 5.3 AI score · 0.00345 EPSS
Exploits 0 · References 1

Cvelist
added 2023/11/03 4:11 a.m. · 23 views

CVE-2023-41343 Ragic No-Code Database Builder - Stored XSS

Ragic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack...

5.4 CVSS · 5.5 AI score · 0.00345 EPSS
Exploits 0 · References 1

Prion
added 2023/11/02 1:15 p.m. · 21 views

Cross site scripting

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code...

4.9 CVSS · 5.3 AI score · 0.00414 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2023/11/02 12:0 a.m. · 5 views

PT-2023-28221 · Ibm · Ibm Cics Tx Standard +2

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard versions 10.1 through 11.1; IBM CICS TX Advanced version 10.1; IBM TXSeries for Multiplatforms versions 8.1 through 9.1. Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the...

5.4 CVSS · 5.5 AI score · 0.0041 EPSS
Exploits 0 · References 7

OSV
added 2023/11/01 10:15 a.m. · 1 views

CVE-2023-1719

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...

9.8 CVSS · 6.1 AI score · 0.04973 EPSS
Exploits 1 · References 1