CVE-2023-40451

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...

Cross Site Scripting

memos is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient checks in the following /o/get/image?url= endpoint which is used to fetch external images. This can be exploited by the attacker to fetch malicious external image such as svg file and execute malicious javascrip...

Student Management System Cross-Site Scripting Vulnerability

Student Management System is a simple web-based student management software from the individual developer Sk. Amir Hamza of Bangladesh. A cross-site scripting vulnerability exists in Student Management System v1.2.3 that could allow an attacker to execute arbitrary Javascript in the victim user's...

CVE-2023-38876

A reflected cross-site scripting XSS vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'...

CVE-2023-42656

In Progress MOVEit Transfer versions released before 2021.1.8 13.1.8, 2022.0.8 14.0.8, 2022.1.9 14.1.9, 2023.0.6 15.0.6, a reflected cross-site scripting XSS vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer...

Head Start Cross-Site Scripting Vulnerability

Head Start is a web-based knowledge mapping software open-sourced by Open Knowledge Maps. Designed to give researchers a head start on literature reviews hence the name. A security vulnerability exists in Open Knowledge Maps Head Start, Visual Project Explorer version 1.0. An attacker exploited t...

The vulnerability of the graphical interface of FortiOS operating systems and the proxy server used for protecting against Internet attacks, FortiProxy, arises from the lack of measures taken to protect the structure of web pages. This allows attackers to execute arbitrary JavaScript code.

The vulnerability of the graphical interface of FortiOS operating systems and the proxy server used for protecting against Internet attacks FortiProxy exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute...

CVE-2023-40617

A reflected cross-site scripting XSS vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'...

Cross site scripting

An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated...

CVE-2023-29305

Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...

Cross Site Scripting (XSS)

matrix-media-repo is vulnerable to a Cross Site Scripting XSS. The vulnerability is due to a lack of content-type validation, which allows an attacker to upload a SVG image containing JavaScript leading to the execution of JavaScript in the user’s browser...

SUSE CVE-2023-40397

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution...

CVE-2023-40624 Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)

SAP NetWeaver AS ABAP applications based on Unified Rendering - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of...

CVE-2023-3612

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...

CVE-2023-42471

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...

PT-2023-28360 · Imou Life · Imou Life

Name of the Vulnerable Software and Affected Versions: Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android Description: The issue allows Remote Code Execution via a crafted intent to an exported component, specifically relating to the com.mm.android.easy4ip.MainActivity...

Govee Home Security Breach

Govee Home is a software application. Govee Home contains a security vulnerability that stems from the fact that the WebView component can be opened by any application on the device, and by sending the URL to a specially crafted website, an attacker can execute JavaScript in the WebView context o...

Wave Browser Code Injection Vulnerability

Wave Browser is a browser. A security vulnerability exists in Wave Browser version 1.0.35 and earlier versions. An attacker can exploit the vulnerability to execute arbitrary JavaScript code...

PT-2023-28361 · Unknown · Wave.Ai.Browser

Name of the Vulnerable Software and Affected Versions: wave.ai.browser application through 1.0.35 for Android Description: The issue allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the...

matrix-media-repo Cross-Site Scripting Vulnerability

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A cross-site scripting vulnerability exists in matrix-media-repo versions prior to 1.3.0, which originates from a vulnerability that allows an attacker to upload an SVG image containing JavaScript script to a serv...