5082 matches found

Veracode
added 2023/06/01 6:46 a.m. | 7 views

Cross-Site Scripting (XSS)

lavalite/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the account name parameter, which allows an attacker to inject arbitrary JavaScript into the browser...

5.4 CVSS | 6 AI score | 0.00384 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2023/06/01 12:0 a.m. | 13 views

Splunk Cross-Site Scripting Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

6.1 CVSS | 6.4 AI score | 0.00313 EPSS
Exploits: 0 | References: 3

CNVD
added 2023/06/01 12:0 a.m. | 21 views

Lost and Found Information System Cross-Site Scripting Vulnerability

Lost and Found Information System is a lost and found management system. A cross-site scripting vulnerability exists in Lost and Found Information System version 1.0, which can be exploited by attackers to inject malicious JavaScript script...

5.4 CVSS | 6 AI score | 0.00552 EPSS
Exploits: 1 | References: 1

CNNVD
added 2023/05/31 12:0 a.m. | 4 views

Lost and Found Information System Security Vulnerability

Lost and Found Information System is a lost and found management system. A cross-site scripting vulnerability exists in Lost and Found Information System version 1.0, which can be exploited by attackers to inject malicious JavaScript script...

5.4 CVSS | 6 AI score | 0.00552 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2023/05/30 9:42 p.m. | 6 views

CVE-2023-33962 JStachio XSS vulnerability: Unescaped single quotes

JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users...

5.4 CVSS | 7.4 AI score | 0.00579 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2023/05/30 9:34 p.m. | 7 views

CVE-2023-33961 Leantime Stored Cross-site Scripting Vulnerability

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious JavaScript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious JavaScript code executes. As of time ...

8.9 CVSS | 6.9 AI score | 0.00394 EPSS
Exploits: 0 | References: 1

CVE
added 2023/05/30 9:34 p.m. | 42 views

CVE-2023-33961

Leantime (v2.3.21 and later) is affected by a stored cross-site scripting vulnerability. An authenticated user with commenting privileges can inject malicious JavaScript into a comment, which executes in other users’ browsers when the comment is viewed. The available documents state that a patch ...

8.9 CVSS | 6 AI score | 0.00394 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/05/30 8:15 a.m. | 3 views

CVE-2023-2113

The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users such as an administrator to inject arbitrary JavaScript into the admin panel, even when the unfiltered_html capability is disabled, such as in a...

4.8 CVSS | 5.9 AI score | 0.0047 EPSS
Exploits: 1 | References: 1

CVE
added 2023/05/30 7:49 a.m. | 118 views

CVE-2023-2113

Summary: CVE-2023-2113 affects the Autoptimize WordPress plugin prior to 3.1.7. The vulnerability arises from failing to sanitize and escape settings imported from a previous export, enabling a high-privilege user (e.g., an administrator) to inject arbitrary JavaScript into the admin panel (store...

4.8 CVSS | 4.8 AI score | 0.0047 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2023/05/28 2:43 p.m. | 30 views

Cross-site Scripting (XSS)

workflow-job is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the displayName attribute of the summary.jelly does not escape before being rendered, allowing an attacker to inject and execute malicious JavaScript...

5.4 CVSS | 6.6 AI score | 0.00586 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

ATTACKERKB
added 2023/05/26 8:15 p.m. | 5 views

CVE-2023-33255

An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...

6.1 CVSS | 6.5 AI score | 0.00922 EPSS
Exploits: 2 | References: 6

NVD
added 2023/05/26 8:15 p.m. | 34 views

CVE-2023-33255

An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...

6.1 CVSS | 6.6 AI score | 0.00922 EPSS
Exploits: 2 | References: 5

Vulnrichment
added 2023/05/26 12:0 a.m. | 8 views

CVE-2023-33255

An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...

7.4 AI score | 0.00922 EPSS
Exploits: 2 | References: 5

Vulnrichment
added 2023/05/26 12:0 a.m. | 7 views

CVE-2023-20868

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages...

6 AI score | 0.00471 EPSS
Exploits: 0 | References: 1

CVE
added 2023/05/26 12:0 a.m. | 111 views

CVE-2023-20868

CVE-2023-20868 is a reflected cross-site scripting vulnerability in VMware NSX-T due to insufficient input validation. A remote attacker could inject HTML/JavaScript to redirect victims to malicious pages. The connected VMSA-2023-0010 advisory specifies affected NSX-T 3.2.x and that the vulnerabi...

6.1 CVSS | 5.9 AI score | 0.00471 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/05/26 12:0 a.m. | 35 views

CVE-2023-33255

An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...

6.8 AI score | 0.00922 EPSS
Exploits: 2 | References: 5

Veracode
added 2023/05/23 10:35 a.m. | 18 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the getGridFilterCondition at TranslationController.php because the field names are not properly escaped, which allows an attacker to inject and execute arbitrary JavaScript...

4.8 CVSS | 6.8 AI score | 0.00576 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Veracode
added 2023/05/23 10:8 a.m. | 15 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the static routes panel because the name parameter is not properly sanitized, which allows an attacker to inject and execute arbitrary JavaScript...

5.4 CVSS | 6.8 AI score | 0.00497 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Prion
added 2023/05/22 1:15 p.m. | 22 views

Cross site scripting

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on a kanban board can insert JavaScript code in the "Reaction to comment" feature...

4.9 CVSS | 5.3 AI score | 0.0056 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2023/05/22 12:0 a.m. | 3 views

Wekan Cross-Site Scripting Vulnerability

Wekan is a website builder from the Wekan team that provides the ability to make planning lists and plan time. A security vulnerability exists in Wekan version v6.84. An attacker exploiting the vulnerability can insert JavaScript code...

5.4 CVSS | 5.8 AI score | 0.0056 EPSS
Exploits: 1 | References: 3