Schneider Electric Easergy T200 Cross-Site Scripting Vulnerability

Schneider Electric Easergy T200 is an intelligent digital protection terminal from Schneider Electric France. It is mainly used for protection and control in power systems, helping to monitor and protect power equipment from faults and abnormal operations, thus ensuring the stable operation of th...

CVE-2015-10130

The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circlethumbnailsliderwithlightboximagemanagementfunc function. This makes it possible for unauthenticated attacke...

Team Circle Image Slider With Lightbox < 1.0.1 - Image Data Update via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the circlethumbnailsliderwithlightboximagemanagementfunc function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious...

CVE-2024-2211

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu...

Cross site scripting

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu...

BIT-ESPOCRM-2022-38845

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...

Cross site scripting

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...

CVE-2024-0590

The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the editclarityprojectid function. This makes it possible for unauthenticated attackers to change the project id and add...

Cross site request forgery (csrf)

The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the editclarityprojectid function. This makes it possible for unauthenticated attackers to change the project id and add...

CVE-2023-41165

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer wi...

CVE-2023-41165

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer wi...

CVE-2023-37531

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access...

CVE-2023-37530

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information...

CVE-2023-37530

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information...

CVE-2023-37531

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access...

Design/Logic Flaw

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer wi...

Cross site scripting

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access...

Stormshield Network Security Security Vulnerabilities

Stormshield Network Security is a next-generation UTM Unified Threat Management firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security that stems from the fact that an administrator with write access can configure login disclaimers using...

Cockpit Cross-Site Scripting Vulnerability

Cockpit is an interactive server management interface. A cross-site scripting vulnerability exists in Cockpit CMS version 2.7.0. An attacker can exploit this vulnerability to upload an infected PDF file and store a malicious JavaScript load to be executed when the file is uploaded...

HCL Technologies HCL BigFix Platform Cross-Site Scripting Vulnerability

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Platform that stems from the...