2179 matches found

Prion
added 2023/11/07 11:15 a.m. · 13 views

Cross site request forgery (csrf)

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmapsaveareatitle' function. This makes it possible for unauthenticated attackers to update the post title and...

4.3 CVSS · 6.5 AI score · 0.00214 EPSS
Exploits 0 · References 2 · Affected Software 1

Veracode
added 2023/11/03 5:43 a.m. · 19 views

Cross-site Scripting (XSS)

phpbb/phpbb is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the main function in acpicons.php does not adequately escape the smilies URL and does not prevent the use of a .pak filename, allowing an attacker to inject and execute malicious JavaScript...

6.1 CVSS · 6.7 AI score · 0.00523 EPSS
Exploits 0 · References 7 · Affected Software 1

NVD
added 2023/11/02 1:15 p.m. · 23 views

CVE-2023-46475

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code...

5.4 CVSS · 5.3 AI score · 0.00414 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2023/11/02 1:15 p.m. · 5 views

CVE-2023-46475

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code...

5.4 CVSS · 5.8 AI score · 0.00414 EPSS
Exploits 1 · References 4

Veracode
added 2023/10/27 6:4 a.m. · 11 views

Cross-site Scripting (XSS)

baserproject/basercms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the favorite feature of form.php because it fails to properly escape malicious characters before rendering. This allows an attacker to inject and execute malicious JavaScript in the web browser when accessing th...

6.1 CVSS · 6.7 AI score · 0.0047 EPSS
Exploits 0 · References 5 · Affected Software 1

CISA KEV Catalog
added 2023/10/26 12:0 a.m. · 137 views

Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

Roundcube Webmail contains a persistent cross-site scripting XSS vulnerability that allows a remote attacker to run malicious JavaScript code...

6.1 CVSS · 5.1 AI score · 0.70879 EPSS
In wild · Exploits 2

VulnCheck KEV
added 2023/10/25 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2023-5631

Roundcube Webmail contains a persistent cross-site scripting XSS vulnerability that allows a remote attacker to run malicious JavaScript code...

6.1 CVSS · 6.2 AI score · 0.70879 EPSS
Exploits 2 · References 1

Veracode
added 2023/10/24 2:49 a.m. · 13 views

Cross-site Scripting (XSS)

modoboa is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the profile page due to improper input sanitization when switching languages, which allows an attacker to inject malicious JavaScript...

5.4 CVSS · 6.6 AI score · 0.00514 EPSS
Exploits 1 · References 4 · Affected Software 1

CNVD
added 2023/10/24 12:0 a.m. · 4 views

Small CRM Request a Quote Field Cross-Site Scripting Vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of data provided in the Request a Quote field, which can be exploited by an attacker to store and execute malicious...

5.4 CVSS · 6.6 AI score · 0.00359 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2023/10/19 10:15 p.m. · 2 views

CVE-2023-45279

Yamcs 5.8.6 allows XSS issue 1 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...

5.4 CVSS · 6.1 AI score · 0.0043 EPSS
Exploits 1 · References 3

PyPA
added 2023/10/19 10:15 p.m. · 7 views

PYSEC-2023-229

ArchiveBox is an open source self-hosted web archiving system. Any users who are using the wget extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to...

6.4 CVSS · 6.5 AI score · 0.00422 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2023/10/19 10:15 p.m. · 35 views

PYSEC-2023-229

ArchiveBox is an open source self-hosted web archiving system. Any users who are using the wget extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to...

5.4 CVSS · 6.8 AI score · 0.00422 EPSS
Exploits 1 · References 2

Vulnrichment
added 2023/10/19 9:5 p.m. · 17 views

CVE-2023-45815 Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context in ArchiveBox

ArchiveBox is an open source self-hosted web archiving system. Any users who are using the wget extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to...

6.4 CVSS · 6.5 AI score · 0.00422 EPSS
Exploits 1 · References 2

Cvelist
added 2023/10/19 12:0 a.m. · 15 views

CVE-2023-45279

Yamcs 5.8.6 allows XSS issue 1 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...

5.5 AI score · 0.0043 EPSS
Exploits 1 · References 2

CNNVD
added 2023/10/19 12:0 a.m. · 3 views

Yamcs Cross-Site Scripting Vulnerability

Yamcs is an open source software framework from Yamcs Open Source. It is used to command and control spacecraft, satellites, payloads, ground stations and ground equipment. A security vulnerability exists in Yamcs version 5.8.6, which stems from the fact that it is possible to upload a display...

5.4 CVSS · 7 AI score · 0.0043 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/10/19 12:0 a.m. · 4 views

PT-2023-29705 · Unknown +1 · Archivebox +1

Name of the Vulnerable Software and Affected Versions: ArchiveBox affected versions not specified Description: The issue affects users of the wget extractor who view the content it outputs. If a user is logged in to the ArchiveBox admin site in the same browser session and views an archived...

7.4 CVSS · 5.4 AI score · 0.00422 EPSS
Exploits 1 · References 18

OSV
added 2023/10/16 8:15 p.m. · 3 views

CVE-2023-5087

The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code...

5.4 CVSS · 5.8 AI score · 0.00415 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/10/16 7:38 p.m. · 6 views

CVE-2023-5087 PageLayer < 1.7.8 - Author+ Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code...

6.7 AI score · 0.00415 EPSS
Exploits 2 · References 1

Veracode
added 2023/10/10 6:56 a.m. · 13 views

Cross Site Scripting (XSS)

ConcreteCMS is vulnerable to Cross Site Scripting. The vulnerability is due to injecting a crafted script into the Forms of the Data objects. The attacker can exploit this vulnerability by injecting malicious JavaScript on the client side...

5.4 CVSS · 7 AI score · 0.00542 EPSS
Exploits 1 · References 4 · Affected Software 1

Veracode
added 2023/10/08 11:24 p.m. · 19 views

Cross-site Scripting (XSS)

gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of input validation in the library, which allows an attacker to inject and execute malicious JavaScript through a maliciously crafted URL in the WebIDE beta...

5.4 CVSS · 6.5 AI score · 0.63765 EPSS
Exploits 0 · References 3 · Affected Software 1