5082 matches found
CVE-2023-4492
Vulnerability in Easy Address Book Web Server version 1.6, affecting the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to...
Design/Logic Flaw
Vulnerability in Easy Address Book Web Server version 1.6, affecting the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to...
CVE-2023-4492
CVE-2023-4492 is an XSS vulnerability in Easy Address Book Web Server 1.6 affecting multiple parameters in the /addrbook.ghp page (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). The issue allows injecting a JavaScript payload that r...
Cross site scripting
Reflected Cross-Site Scripting (XSS) vulnerability in WideStand up to version 5.3.5, which generates one of the meta tags directly from the content of the queried URL, allowing an attacker to inject HTML/JavaScript code into the response...
PT-2023-29317 · Unknown · Easy Address Book Web Server
Name of the Vulnerable Software and Affected Versions: Easy Address Book Web Server version 1.6. Description: The issue affects the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, and workzip of the "/addrbook.ghp" file, allowing an...
NXLog Cross-Site Scripting Vulnerability
NXLog is log collection and centralization software from NXLog, Inc. that supports multiple operating systems. A cross-site scripting vulnerability exists in NXLog Manager version 5.6.5633, which arises from improper sanitization of input parameters and allows an attacker to inject a malicious...
CVE-2023-43735
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formatstitles7" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-5112
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specialstypename1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43725
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ordersproductsstatusnamelong1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43717
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCHHIGHLIGHTENABLETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zonename" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43708
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configurationtitle1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43707
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm1name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
PT-2023-28947 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified). Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the stock indication text1 parameter. This could lead to unauthorized execution ...
PT-2023-31767 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified). Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the featured type name1 parameter. This could potentially lead to unauthorized...
PT-2023-28941 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified). Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the PACKING SLIPS SUMMARY TITLE1 parameter. This could potentially lead to...
PT-2023-28954 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified). Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the company address parameter. This could potentially lead to unauthorized...
PT-2023-28952 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified). Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the zone name parameter, potentially leading to unauthorized execution of script...
PT-2023-28924 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified). Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the email templates key parameter. This could potentially lead to unauthorized...