
2179 matches found

Cvelist
added 2023/06/03 4:35 a.m. | 51 views

CVE-2023-2405 CRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...

CVSS 6.1 | AI score 6.3 | EPSS 0.00335
Exploits: 2 | References: 4

NVD
added 2023/06/03 12:15 a.m. | 22 views

CVE-2023-3055

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhsave' function. This makes it possible for unauthenticated attackers to update the post content an...

CVSS 6.1 | AI score 5.9 | EPSS 0.00208
Exploits: 0 | References: 2

CNNVD
added 2023/06/01 12:0 a.m. | 13 views

Splunk Cross-Site Scripting Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

CVSS 6.1 | AI score 6.4 | EPSS 0.00313
Exploits: 0 | References: 3

NVD
added 2023/05/30 10:15 p.m. | 14 views

CVE-2023-33961

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious JavaScript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious JavaScript code executes. As of time ...

CVSS 8.9 | AI score 8.8 | EPSS 0.00394
Exploits: 0 | References: 1

OSV
added 2023/05/30 9:34 p.m. | 13 views

CVE-2023-33961 Leantime Stored Cross-site Scripting Vulnerability

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious JavaScript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious JavaScript code executes. As of time ...

CVSS 8.9 | AI score 5.7 | EPSS 0.00394
Exploits: 0 | References: 3

ATTACKERKB
added 2023/05/30 8:15 p.m. | 4 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

CVSS 6.1 | AI score 6 | EPSS 0.03083
Exploits: 3 | References: 3

Ubuntu
added 2023/05/30 2:32 p.m. | 83 views

USN-6120-1: SpiderMonkey vulnerabilities

Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service...

CVSS 8.8 | AI score 7.7 | EPSS 0.00753
Exploits: 0

OSV
added 2023/05/30 2:32 p.m. | 3 views

USN-6120-1 mozjs102 vulnerabilities

Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service...

CVSS 8.8 | AI score 6.8 | EPSS 0.00753
Exploits: 0 | References: 10

Veracode
added 2023/05/22 9:1 a.m. | 16 views

Cross-site Scripting (XSS)

concrete5/concrete5 is vulnerable to Cross-site Scripting (XSS). The vulnerability exists via the name parameter on API integrations due to lack of sanitization, which allows an attacker to inject and execute malicious JavaScript...

CVSS 5.5 | AI score 6.6 | EPSS 0.00584
Exploits: 0 | References: 8 | Affected Software: 1

Vulnrichment
added 2023/05/19 12:0 a.m. | 7 views

CVE-2023-31862

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the reque...

AI score 6.4 | EPSS 0.00343
Exploits: 1 | References: 1

CNNVD
added 2023/05/19 12:0 a.m. | 4 views

JIZHICMS Cross-Site Scripting Vulnerability

Extreme Networks Technology JIZHICMS (Extreme CMS) is an open source content management system (CMS) from China's Extreme Networks Technology. A security vulnerability exists in JIZHICMS version v2.4.6, which stems from the presence of a Cross-Site Scripting Attack (XSS) vulnerability that allows an...

CVSS 5.4 | AI score 5.6 | EPSS 0.00343
Exploits: 1 | References: 2

Veracode
added 2023/05/12 2:17 a.m. | 19 views

Cross-site Scripting (XSS)

rollout-ui is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the feature's name attribute in the library is not properly escaped in the "Do you really want to delete" confirmation dialogue when the user clicks Delete, which allows an attacker to inject and execute malicio...

CVSS 6.1 | AI score 6.1 | EPSS 0.00697
Exploits: 2 | References: 7 | Affected Software: 1

Veracode
added 2023/05/11 3:14 a.m. | 20 views

Cross-Site Scripting (XSS)

org.xwiki.commons:xwiki-commons-xml is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape arbitrary HTML code before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...

CVSS 9.6 | AI score 5.8 | EPSS 0.00818
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2023/05/10 12:28 a.m. | 24 views

Stored Cross-Site Scripting (XSS)

apacheairflow is vulnerable to Stored Cross-Site Scripting (XSS) attacks. The library uses template literals to construct HTML elements, which allows an attacker to execute malicious JavaScript in the victim's browser through XSS payloads stored on the application server...

CVSS 5.4 | AI score 4.8 | EPSS 0.01911
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2023/05/09 2:22 a.m. | 18 views

Cross-site Scripting (XSS)

opentsdb is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the insufficient validation of parameters reflected in error messages in the internalError and badRequest functions of HttpQuery.java, which allows an attacker to inject and execute malicious JavaScript through th...

CVSS 8.2 | AI score 6 | EPSS 0.00904
Exploits: 0 | References: 6 | Affected Software: 1

GitHub Security Blog
added 2023/05/03 9:30 p.m. | 32 views

Cross Site Scripting in OpenTSDB

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

CVSS 8.2 | AI score 5.9 | EPSS 0.00904
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2023/05/03 7:15 p.m. | 21 views

CVE-2023-25827

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

CVSS 8.2 | AI score 6.8 | EPSS 0.00904
Exploits: 0 | References: 2

Veracode
added 2023/05/03 1:44 a.m. | 27 views

Arbitrary Code Execution

jena-arq is vulnerable to Arbitrary Code Execution. The vulnerability exists due to the insufficient validation of user scripting queries in the library, which allows an attacker to inject and execute malicious JavaScript via a SPARQL query when invoking custom scripts...

CVSS 5.4 | AI score 5.5 | EPSS 0.01324
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2023/04/20 5:35 a.m. | 18 views

Stored Cross-site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability exists due to the improper sanitization in the adminlog of the stat.adminlog.php, which allows an attacker to inject and execute malicious JavaScript through the $text attribute...

CVSS 5.4 | AI score 5.4 | EPSS 0.00537
Exploits: 1 | References: 5 | Affected Software: 2

Veracode
added 2023/04/17 10:24 a.m. | 14 views

Cross-Site Scripting (XSS)

editor.md is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end as a crafted script through the editor parameter, which allows an attacker to inject and execute malicious JavaScript in the victim's browser...

CVSS 6.1 | AI score 5.7 | EPSS 0.0066
Exploits: 1 | References: 4 | Affected Software: 1