
5082 matches found

Positive Technologies
added 2023/09/30 12:0 a.m. · 3 views

PT-2023-28936 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified)
Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the MSEARCH HIGHLIGHT ENABLE TITLE1 parameter. This could potentially lead to...

CVSS 5.4 · AI score 5.2 · EPSS 0.00431
Exploits: 1 · References: 9

Positive Technologies
added 2023/09/30 12:0 a.m. · 3 views

PT-2023-28933 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified)
Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the SKIP CART PAGE TITLE1 parameter. This potentially leads to unauthorized...

CVSS 5.4 · AI score 5.3 · EPSS 0.00431
Exploits: 1 · References: 8

Positive Technologies
added 2023/09/30 12:0 a.m. · 3 views

PT-2023-28946 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified)
Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the orders products status manual name long1 parameter. This could potentially...

CVSS 5.4 · AI score 5.2 · EPSS 0.00431
Exploits: 1 · References: 10

Positive Technologies
added 2023/09/30 12:0 a.m. · 4 views

PT-2023-28922 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified)
Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the title parameter. This potentially leads to unauthorized execution of scripts...

CVSS 5.4 · AI score 5.3 · EPSS 0.00431
Exploits: 1 · References: 8

Positive Technologies
added 2023/09/29 12:0 a.m. · 3 views

PT-2023-28927 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified)
Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the configuration title1 parameter. This could potentially lead to unauthorized...

CVSS 5.4 · AI score 5.3 · EPSS 0.00431
Exploits: 1 · References: 9

Positive Technologies
added 2023/09/29 12:0 a.m. · 3 views

PT-2023-28925 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified)
Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the CatalogsPageDescriptionForm1name parameter. This could potentially lead to...

CVSS 5.4 · AI score 5.2 · EPSS 0.00431
Exploits: 1 · References: 9

Prion
added 2023/09/19 11:15 p.m. · 25 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary JavaScript or HTML via the alt-text field. This affects all pages containing the navbar, including the login page, which means t...

CVSS 4.9 · AI score 5.2 · EPSS 0.01984
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2023/09/19 12:0 a.m. · 4 views

Fujitsu Arconte Áurea Cross-Site Scripting Vulnerability

Fujitsu Arconte Áurea is a view recording system from Fujitsu Japan. A security vulnerability exists in Fujitsu Arconte Áurea versions prior to 1.5.0.0. An attacker could exploit this vulnerability to inject malicious JavaScript code that could compromise and take control of the victim's browser,...

CVSS 6.1 · AI score 6.6 · EPSS 0.00291
Exploits: 0 · References: 2

NVD
added 2023/09/18 9:15 p.m. · 8 views

CVE-2023-38582

Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAILRCV. When a legitimate user attempts to access the vulnerable page of the web application, the X...

CVSS 6.3 · AI score 6.1 · EPSS 0.00354
Exploits: 0 · References: 1

Vulnrichment
added 2023/09/18 8:4 p.m. · 2 views

CVE-2023-38582 Socomec MOD3GP-SY-120K Cross-site Scripting

Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAILRCV. When a legitimate user attempts to access the vulnerable page of the web application, the X...

CVSS 6.3 · AI score 5.8 · EPSS 0.00354
Exploits: 0 · References: 1

OSV
added 2023/09/12 3:15 a.m. · 3 views

CVE-2023-40624

SAP NetWeaver AS ABAP applications based on Unified Rendering (versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731) allow an attacker to inject JavaScript code that can be executed in the web application. An attacker could thereby control the behavior of...

CVSS 5.4 · AI score 6.1 · EPSS 0.00346
Exploits: 0 · References: 2

NVD
added 2023/09/12 3:15 a.m. · 12 views

CVE-2023-40624

SAP NetWeaver AS ABAP applications based on Unified Rendering (versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731) allow an attacker to inject JavaScript code that can be executed in the web application. An attacker could thereby control the behavior of...

CVSS 5.5 · AI score 5.5 · EPSS 0.00346
Exploits: 0 · References: 2

Prion
added 2023/09/12 3:15 a.m. · 27 views

Code injection

SAP NetWeaver AS ABAP applications based on Unified Rendering (versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731) allow an attacker to inject JavaScript code that can be executed in the web application. An attacker could thereby control the behavior of...

CVSS 4.9 · AI score 5.5 · EPSS 0.00346
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/09/12 2:0 a.m. · 71 views

CVE-2023-40624

SAP NetWeaver AS ABAP (Unified Rendering) is affected in SAP_UI 754–758 and SAP_BASIS 702, 731. The root cause is insufficient validation/escaping of user-supplied data, allowing an attacker to inject JavaScript that is executed in the web application. This can enable an attacker to influence the...

CVSS 5.5 · AI score 5.4 · EPSS 0.00346
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/09/12 12:0 a.m. · 4 views

PT-2023-27546 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions SAP UI 754 through SAP UI 758; SAP NetWeaver AS ABAP versions SAP BASIS 702, SAP BASIS 731
Description: The issue allows an attacker to inject JavaScript code that can be executed in the web-application,...

CVSS 5.5 · AI score 7.3 · EPSS 0.00346
Exploits: 0 · References: 5

OSV
added 2023/09/11 8:15 p.m. · 2 views

CVE-2023-4294

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

Vulnrichment
added 2023/09/11 7:46 p.m. · 6 views

CVE-2023-4294 URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link...

AI score 6.3 · EPSS 0.00735
Exploits: 2 · References: 1

Positive Technologies
added 2023/09/11 12:0 a.m. · 5 views

PT-2023-28647 · WordPress · Url Shortify

Name of the Vulnerable Software and Affected Versions: URL Shortify WordPress plugin versions prior to 1.7.6
Description: The issue allows an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link, due to the...

CVSS 6.1 · AI score 6.5 · EPSS 0.00735
Exploits: 2 · References: 5

CNNVD
added 2023/09/11 12:0 a.m. · 3 views

WordPress plugin URL Shortify Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVSS 6.1 · AI score 6.2 · EPSS 0.00735
Exploits: 2 · References: 2

Cvelist
added 2023/09/08 9:22 p.m. · 30 views

CVE-2022-22402 IBM Aspera Faspex cross-site scripting

IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571...

CVSS 5.4 · AI score 5.3 · EPSS 0.00365
Exploits: 0 · References: 2