11 matches found
CVE-2018-25292
Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an...
PT-2024-34522 · Snipe-It · Snipe-It
Name of the Vulnerable Software and Affected Versions: Snipe-IT version 7.0.13 build 15514 Description: The issue allows a low-privileged attacker to modify their profile name and inject a malicious payload into the Name field. When an administrator later accesses the People Management page,...
CVE-2023-43331
A cross-site scripting XSS vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33793
A stored cross-site scripting XSS vulnerability in the Create Power Panels /dcim/power-panels/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33789
A stored cross-site scripting XSS vulnerability in the Create Contact Groups /tenancy/contact-groups/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33785
A stored cross-site scripting XSS vulnerability in the Create Rack Roles /dcim/rack-roles/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2022-36548
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field...
Edoc-doctor-appointment-system 跨站脚本漏洞
Edoc-doctor-appointment-system is a simple web project for e-access by HashenUdara Personal Developer. A security vulnerability exists in Edoc-doctor-appointment-system version v1.0.1, which stems from a stored cross-site scripting vulnerability discovered via /patient/settings.php. An attacker...
CVE-2022-22853
A stored cross-site scripting XSS vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Name field...
wildfly: XSS via admin console when creating roles in domain mode
A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack XSS. The highest threat from this vulnerability is to confidentiality and integrity...
Red Hat Wildfly 跨站脚本漏洞
Red Hat Wildfly is the United States Red Hat Red Hat, Inc. of a lightweight JavaEE-based open source application server . A cross-site scripting vulnerability exists in Red Hat Wildfly versions prior to 23.0.2. An attacker can exploit this vulnerability by adding a payload to the name field to...