100 matches found
CVE-2024-35739
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through 7.7.1...
PT-2024-26650 · Unknown · Propertyhive
Name of the Vulnerable Software and Affected Versions: PropertyHive versions n/a through 2.0.13 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This means that an attacker can inject...
PT-2024-24907 · Unknown · Lorna Timbah (Webgrrrl) Accessibility Widget
Name of the Vulnerable Software and Affected Versions: Lorna Timbah webgrrrl Accessibility Widget versions n/a through 2.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks...
CVE-2024-33639
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1...
WonderCMS 安全漏洞
WonderCMS is an open source PHP-based content management system CMS. A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data on the Home page, and can be exploited by an attacker to steal the victim's...
CVE-2024-29099
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Evergreen Content Poster allows Reflected XSS.This issue affects Evergreen Content Poster: from n/a through 1.4.1...
CVE-2024-22137
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11...
PT-2023-31845 · Unknown · Aleksandar Urošević Stock Ticker
Name of the Vulnerable Software and Affected Versions: Aleksandar Urošević Stock Ticker versions 3.23.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
CVE-2023-5985
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values...
CVE-2022-39057
RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service...
Command injection
RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service...
CVE-2022-39057 Changing Information Technology Inc. RAVA certificate validation system - Command Injection
RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service...
Online Car Wash Booking System SQL注入漏洞
Online Car Wash Booking System is an online car wash booking system by Carlo Montero, a personal developer. Online Car Wash Booking System v1.0 is vulnerable to SQL injection, which originates from /ocwbs/admin/services/ manageprice.php?id=The page lacks validation for external input SQL...
CVE-2021-4179
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-41029
A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests...
PT-2019-1993 · Cisco · Cisco Umbrella
Name of the Vulnerable Software and Affected Versions: Cisco Umbrella affected versions not specified Description: A vulnerability in Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user in a network protected by Umbrella. The...
DESTOON B2B Cross-Site Scripting Vulnerability
DESTOON B2B is a PHP and MySQL based on open source B2B e-commerce website management system . A cross-site scripting vulnerability exists in the admin\setting.inc.php page in DESTOON B2B version 7.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...
CVE-2018-4149
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "SafariViewController" component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page...
Multiple vulnerabilities in multiple Buffalo broadband routers
Overview BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2017-10896 Improper Input Validation CWE-20 - CVE-2017-10897 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...
PT-2005-4523 · Php · Php-Post
Name of the Vulnerable Software and Affected Versions: PHP-Post PHPp version 1.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting XSS attacks. This can be achieved through the subject in a post or by manipulating th...