
2179 matches found

NVD
added 2023/12/14 4:15 p.m. · 27 views

CVE-2023-6364

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within a dashboard component. If a WhatsUp Gold user interacts with the crafted payload, the attacker...

CVSS 7.6 · EPSS 0.00513
Exploits: 0 · References: 2

Vulnrichment
added 2023/12/14 4:5 p.m. · 8 views

CVE-2023-6366 WhatsUp Gold Stored Cross-Site Scripting (XSS) via Alert Center

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within Alert Center. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be...

CVSS 7.6 · AI score 6.7 · EPSS 0.00513
Exploits: 0 · References: 2

Positive Technologies
added 2023/12/12 12:0 a.m. · 4 views

PT-2023-7851 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier
Description: The issue is related to the lack of protection of the web page structure in Adobe Experience Manager (AEM), which can be exploited by a remote attacker to execute arbitrary code....

CVSS 5.5 · AI score 5.2 · EPSS 0.00562
Exploits: 0 · References: 5

Positive Technologies
added 2023/12/12 12:0 a.m. · 3 views

PT-2023-8638 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier
Description: The issue exists due to inadequate protection of the web page structure. Exploitation may allow a remote attacker to execute arbitrary code. A low-privileged attacker can...

CVSS 5.5 · AI score 5.2 · EPSS 0.00597
Exploits: 0 · References: 7

Positive Technologies
added 2023/12/12 12:0 a.m. · 3 views

PT-2023-7802 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier
Description: The issue is related to the lack of protection of the web page structure in Adobe Experience Manager (AEM), which can be exploited by a remote attacker to execute arbitrary code....

CVSS 5.5 · AI score 5 · EPSS 0.00597
Exploits: 0 · References: 5

OSV
added 2023/12/07 6:15 p.m. · 4 views

CVE-2023-6333

The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious JavaScript code during a user's session...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 1

NVD
added 2023/12/07 6:15 p.m. · 12 views

CVE-2023-6333

The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious JavaScript code during a user's session...

CVSS 7.5 · EPSS 0.00416
Exploits: 0 · References: 1

ATTACKERKB
added 2023/12/07 6:15 p.m. · 3 views

CVE-2023-6333

The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious JavaScript code during a user's session...

CVSS 7.5 · AI score 5.9 · EPSS 0.00416
Exploits: 0 · References: 2

Vulnrichment
added 2023/12/07 6:8 p.m. · 2 views

CVE-2023-6333 Cross-site Scripting in ControlByWeb Relays

The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious JavaScript code during a user's session...

CVSS 7.5 · AI score 5.3 · EPSS 0.00416
Exploits: 0 · References: 1

CNNVD
added 2023/12/07 12:0 a.m. · 5 views

Control By Web Relay Cross-Site Scripting Vulnerability

Control By Web Relay is a web control relay from Control By Web. A security vulnerability exists in Control By Web Relay X-332 and X-301, which stems from susceptibility to a stored cross-site scripting vulnerability that could allow an attacker to inject arbitrary script into the endpoints of a...

CVSS 7.5 · AI score 5.4 · EPSS 0.00416
Exploits: 0 · References: 3

Veracode
added 2023/12/05 1:49 p.m. · 59 views

Cross-site Scripting (XSS)

vite is vulnerable to Cross-Site Scripting. This vulnerability exists because it does not properly sanitize inline scripts in the server.transformIndexHtml function, allowing an attacker to inject and execute malicious JavaScript into the browser. This vulnerability is only exploitable if the...

CVSS 6.1 · AI score 6.7 · EPSS 0.00997
Exploits: 1 · References: 4 · Affected Software: 1

CNNVD
added 2023/11/30 12:0 a.m. · 3 views

mailcow dockerized cross-site scripting vulnerability

mailcow is a mail server suite. A cross-site scripting vulnerability exists in mailcow dockerized, which stems from a cross-site scripting (XSS) vulnerability in the system's Quarantine UI, which can be exploited by an attacker to send a crafted email containing malicious JavaScript code...

CVSS 8.3 · AI score 5.8 · EPSS 0.00443
Exploits: 0 · References: 2

Veracode
added 2023/11/28 7:51 a.m. · 16 views

Cross-site Scripting (XSS)

com.liferay.portal is vulnerable to Cross-Site Scripting. The vulnerability exists due to a lack of user input validated in the plbackurltitle parameter, which allows an attacker to inject and execute malicious JavaScript...

CVSS 9.6 · AI score 7 · EPSS 0.0065
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2023/11/28 12:15 a.m. · 14 views

Cross site scripting

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious JavaScript...

CVSS 4.9 · AI score 5.9 · EPSS 0.00475
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2023/11/23 12:0 a.m. · 2 views

BVRP Software Avanquest Software SLmail Cross-Site Scripting Vulnerability

BVRP Software Avanquest Software SLmail BVRP Software SLmail is an email server solution from BVRP Software, France. A cross-site scripting vulnerability exists in BVRP Software Avanquest Software SLmail version 5.5.0.4433. An attacker exploits the vulnerability to store a malicious JavaScript lo...

CVSS 6.1 · AI score 6.2 · EPSS 0.00388
Exploits: 0 · References: 2

NVD
added 2023/11/22 4:15 p.m. · 13 views

CVE-2023-2438

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userprosaveuserdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

CVSS 6.1 · EPSS 0.00165
Exploits: 0 · References: 2

Github Security Blog
added 2023/11/17 9:51 p.m. · 21 views

LibreNMS Cross-site Scripting at Device groups Deletion feature

Summary: XSS attacks occur when an application is not sanitising inputs properly and is rendering the code from user input to the browser, which could allow an attacker to execute malicious JavaScript code. PoC: 1. Login 2. Create a device group in /device-groups 3. Name it as " 4. save it 5. Go to services...

CVSS 6.3 · AI score 6.2 · EPSS 0.00562
Exploits: 0 · References: 5 · Affected Software: 1

Prion
added 2023/11/16 2:15 p.m. · 19 views

Cross site scripting

A Cross-Site Scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious JavaScript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information...

CVSS 5.8 · AI score 6.7 · EPSS 0.00878
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/11/16 2:8 p.m. · 12 views

CVE-2023-4771 Cross-Site Scripting vulnerability in CKSource CKEditor

A Cross-Site Scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious JavaScript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information...

CVSS 6.1 · AI score 6.5 · EPSS 0.00878
Exploits: 1 · References: 1

OSV
added 2023/11/08 5:52 p.m. · 35 views

GHSA-3VPF-MCJ7-5H38 Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages

Impact: The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then be retrieved from connected systems and data stores before being...

CVSS 4.3 · AI score 5.5 · EPSS 0.00609
Exploits: 0 · References: 5