Stored Cross-site Scripting (XSS)
phpmyfaq is vulnerable to Cross-site Scripting. The vulnerability exists due to a lack of validation in the user input of Link.php, which allows an attacker to inject and execute malicious JavaScript into the browser...
Mars: Reflected XSS on formaction parameter
The formaction parameter of the target application was found to contain a reflected Cross-Site Scripting (XSS) vulnerability. User-supplied data was reflected back without proper sanitization, allowing for the injection of malicious JavaScript code. The issue was compounded by potential cache...
Cross-Site Scripting (XSS)
github.com/answerdev/answer is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape user input before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser, which leads to potential account takeover...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library does not properly validate markdown links, which allows an attacker to inject and execute malicious JavaScript...
Cross-Site Scripting (XSS)
typo3/html-sanitizer is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists because malicious text embedded in a noscript element was not encoded appropriately due to a serialization layer encoding bug, which allows an attacker to inject and execute arbitrary JavaScript when noscri...
CVE-2023-31466
An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration - Compliance - Add a new compliance report" and "Configuration - Timekeeper Configuration - Add a new source there" screens, there are entry points to inject JavaScript code...
Cross-Site Scripting (XSS)
copyparty is vulnerable to Cross-Site Scripting. The vulnerability exists due to a lack of user input validation in the ?k304= and ?setck= parameters which allows an attacker to inject and execute arbitrary JavaScript into the browser...
PT-2023-23345 · Fsmlabs · Fsmlabs Timekeeper
Name of the Vulnerable Software and Affected Versions: FSMLabs TimeKeeper version 8.0.17. Description: A cross-site scripting (XSS) issue was found, allowing for the injection of JavaScript code on specific screens. The affected screens include "Configuration - Compliance - Add a new compliance...
CVE-2023-31466
CVE-2023-31466 – FSMLabs TimeKeeper 8.0.17 XSS Affected software: FSMLabs TimeKeeper v8.0.17. Vulnerability: Cross-site scripting (XSS) due to multiple JavaScript code injection entry points on the UI. Specifically, the following screens expose potential injection points: 1) Configuration → Compl...
CVE-2022-28867
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...
CVE-2022-28865
An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...
CVE-2023-38057
An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject JavaScript code in free text answers. This allows a cross-site scripting attack while reading the replies as an authenticated agent. This issue affects...
CVE-2023-38057 XSS stored in survey answers
An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject JavaScript code in free text answers. This allows a cross-site scripting attack while reading the replies as an authenticated agent. This issue affects...
Nokia NetAct Cross-Site Scripting Vulnerability
Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in Nokia NetAct version 22 that allows an attacker to change the filename of an uploaded file to include JavaScript code, which is then stored and executed by...
Nokia NetAct Cross-Site Scripting Vulnerability
Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in Nokia NetAct version 22 that allows an attacker to edit or add the templateName parameter to include JavaScript code, which is then stored and executed by the...
PT-2023-12955 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22. Description: An issue was discovered in the Site Configuration Tool website section, where a malicious user can change the filename of an uploaded file to include JavaScript code. This code is then stored and executed ...
Cross-site Scripting (XSS)
nilsteampassnet/teampass is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the name and lastname fields are not properly sanitized in users.js.php, which allows an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
tarteaucitronjs is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of user-input sanitization in width, theme, controls, img, and other parameters, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
XWiki 4.2-milestone-1 < 14.6 XSS Vulnerability (GHSA-m3jr-cvhj-f35j)
XWiki is prone to a cross-site scripting (XSS) vulnerability.