5082 matches found
CVE-2023-37630
Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS...
Cross site scripting
IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650...
GHSA-FXCR-GVCW-HMQM Magento Open Source allows Cross-Site Scripting (XSS)
Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
CVE-2023-24497
Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploite...
CVE-2023-24496
Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploite...
Milesight VPN security vulnerability
Milesight VPN is a web-based VPN monitoring and management platform from China-based Milesight. A security vulnerability exists in Milesight VPN v2.0.2. An attacker can exploit this vulnerability to cause arbitrary Javascript code injection via a specially crafted HTTP request...
DEBIAN-CVE-2023-37360
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL, which may be realistic within enterprise security products...
CVE-2023-37360
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL, which may be realistic within enterprise security products...
PYSEC-2023-93
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL, which may be realistic within enterprise security products...
Design/Logic Flaw
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL, which may be realistic within enterprise security products...
UBUNTU-CVE-2023-37360
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL, which may be realistic within enterprise security products...
Pacparser injection vulnerability
Pacparser is a library for parsing Proxy Autoconfiguration (PAC) files by the individual developer Manu Garg. A security vulnerability exists in versions of Pacparser prior to 1.4.2 that stems from allowing JavaScript injection when an attacker takes control of a URL and may allow privilege...
PT-2023-25930 · Pacparser +1 · Pacparser +1
Name of the Vulnerable Software and Affected Versions: Pacparser versions prior to 1.4.2 Description: The issue allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL, which may be realistic within enterprise security products. Recommendations: For...
CVE-2023-37360
Pacparser (Pacparser) before 1.4.2 is affected by CVE-2023-37360 through the function pacparser_find_proxy. The vulnerability arises when the attacker controls the URL, enabling JavaScript injection and potentially privilege escalation within enterprise security product scenarios. The provided ...