Lucene search

5955 matches found

Cvelist
added 2023/12/15 10:15 a.m. | 26 views

CVE-2023-48495 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00562
Exploits: 0 | References: 1

Cvelist
added 2023/12/15 10:15 a.m. | 24 views

CVE-2023-48502 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00597
Exploits: 0 | References: 1

Vulnrichment
added 2023/12/15 10:15 a.m. | 6 views

CVE-2023-48506 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00597
Exploits: 0 | References: 1

OSV
added 2023/12/14 4:15 p.m. | 6 views

CVE-2023-6366

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within Alert Center. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00513
Exploits: 0 | References: 2

NVD
added 2023/12/14 4:15 p.m. | 23 views

CVE-2023-6366

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within Alert Center. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be...

CVSS: 7.6 | EPSS: 0.00513
Exploits: 0 | References: 2

NVD
added 2023/12/14 4:15 p.m. | 8 views

CVE-2023-6365

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within a device group. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be...

CVSS: 7.6 | EPSS: 0.00513
Exploits: 0 | References: 2

OSV
added 2023/12/13 9:38 p.m. | 4 views

CVE-2023-47623 Scrypted reflected Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme javascript:, an attacker can run arbitrary JavaScript...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00424
Exploits: 1 | References: 4

CNNVD
added 2023/12/13 12:00 a.m. | 2 views

Scrypted Cross-Site Scripting Vulnerability

Scrypted is a high-performance home video integration platform with intelligent detection by the individual developer Koushik Dutta. A cross-site scripting vulnerability exists in Scrypted 0.55.0 and earlier versions, which stems from the presence of a reflective cross-site scripting vulnerabilit...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00424
Exploits: 1 | References: 3

CNNVD
added 2023/12/13 12:00 a.m. | 2 views

Scrypted Cross-Site Scripting Vulnerability

Scrypted is a high-performance home video integration platform with intelligent detection by the individual developer Koushik Dutta. A cross-site scripting vulnerability exists in Scrypted 0.55.0 and earlier versions, which stems from the presence of a reflective cross-site scripting vulnerabilit...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00475
Exploits: 1 | References: 3

OSV
added 2023/12/12 12:15 p.m. | 2 views

CVE-2023-46282

A vulnerability has been identified in Opcenter Execution Foundation All versions V2407, Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00492
Exploits: 0 | References: 2

Cvelist
added 2023/12/12 9:48 a.m. | 23 views

CVE-2023-4932 Reflected Cross-Site Scripting in SAS 9.4

SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the program parameter of the /SASStoredProcess/do endpoint allows arbitrary JavaScript to be executed when a specially crafted URL is opened by an authenticated user. The attack is possible from a...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00632
Exploits: 0 | References: 3

NVD
added 2023/12/11 10:15 p.m. | 28 views

CVE-2023-49802

The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin an...

CVSS: 6.7 | EPSS: 0.0066
Exploits: 0 | References: 4

Prion
added 2023/12/11 10:15 p.m. | 14 views

Cross site scripting

The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin an...

CVSS: 5.8 | AI score: 6.3 | EPSS: 0.0066
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2023/12/11 9:11 p.m. | 17 views

CVE-2023-49802 MantisBT LinkedCustomFields Cross-site Scripting vulnerability

The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin an...

CVSS: 6.7 | AI score: 6.3 | EPSS: 0.0066
Exploits: 0 | References: 4

OSV
added 2023/12/11 9:11 p.m. | 21 views

CVE-2023-49802 MantisBT LinkedCustomFields Cross-site Scripting vulnerability

The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin an...

CVSS: 6.7 | AI score: 5.9 | EPSS: 0.0066
Exploits: 0 | References: 6

Cvelist
added 2023/12/11 9:11 p.m. | 25 views

CVE-2023-49802 MantisBT LinkedCustomFields Cross-site Scripting vulnerability

The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin an...

CVSS: 6.7 | AI score: 6.3 | EPSS: 0.0066
Exploits: 0 | References: 4

OSV
added 2023/12/07 6:30 a.m. | 14 views

GHSA-VWHF-3V6X-WFF8 Cross-site Scripting (XSS) in MLflow

A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.01649
Exploits: 1 | References: 5

GitHub Security Blog
added 2023/12/07 6:30 a.m. | 24 views

Cross-site Scripting (XSS) in MLflow

A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

CVSS: 6.5 | AI score: 6 | EPSS: 0.01649
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2023/12/07 5:15 a.m. | 15 views

CVE-2023-6568

A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

CVSS: 6.1 | AI score: 5.3
Exploits: 0 | References: 2

NVD
added 2023/12/01 7:15 a.m. | 16 views

CVE-2023-6033

Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in a victim's browser...

CVSS: 8.7 | EPSS: 0.00557
Exploits: 0 | References: 2