PT-2024-17: Stored Cross-Site Scripting (Stored XSS) in Moodle

The vulnerability was identified in Moodle versions 4.0 - 4.3.3, 4.2 - 4.2.6, 4.1 - 4.1.9 and older unsupported versions. Insufficient sanitization while opening the equation editor leads to Stored XSS attack when editing another user's equation. Discovered vulnerability allows an attacker to...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

PT-2023-28839

Name of the Vulnerable Software and Affected Versions Shenzhen TCL Browser TV Web BrowseHere aka com.tcl.browser version 6.65.022 dab24cc6 231221 gp Description The issue allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivit...

PT-2023-30655 · Unknown · Com.Yunyi.Smartcamera

Name of the Vulnerable Software and Affected Versions: com.yunyi.smartcamera application through 4.1.9 20231127 for Android Description: The issue allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

vlady-mix TV Browser Security Vulnerability

vlady-mix TV Browser is a web browser for Android TV from vlady-mix. A security vulnerability exists in vlady-mix TV Browser version 4.5.1 and earlier, which stems from an exposed MainActivity and can be exploited by an attacker to execute JavaScript code...

PT-2023-30656 · Unknown · Com.Altamirano.Fabricio.Tvbrowser

Name of the Vulnerable Software and Affected Versions: com.altamirano.fabricio.tvbrowser TV browser application versions through 4.5.1 for Android Description: The issue allows for JavaScript code execution via an explicit intent due to an exposed MainActivity. This could potentially lead to...

Engelsystem Cross-Site Scripting Vulnerability

Engelsystem is an open source shift planning system from Engelsystem. A cross-site scripting vulnerability exists in versions prior to Englesystem v3.4.1 that stems from insufficient validation of user-supplied data, allowing injection and execution of Javascript code in another user's environmen...

CVE-2023-6769

CVE-2023-6769 affects Amazing Little Poll versions 1.3 and 1.4. A Stored XSS flaw exists in the lp_admin.php file, where attacker-controlled data in the question and item parameters can store a malicious JavaScript payload. This payload could execute as the page loads, per the CVE/NVD description...

CVE-2023-6769 Stored XSS vulnerability in Amazing Little Poll

Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lpadmin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution...

CVE-2023-6769 Stored XSS vulnerability in Amazing Little Poll

Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lpadmin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution...

Cross Site Scripting (XSS)

malojaserver is vulnerable to Cross Site Scripting XSS attack. The vulnerability arises due to the error page reflecting the missing path to the user. An attacker can execute arbitrary JavaScript in the malojaserver's client context...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-9998791)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2023-48615

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2023-48616

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2023-48588

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2023-48572

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...