232 matches found
CVE-2023-53882
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...
CVE-2023-53882
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...
CVE-2023-53882 JLex GuestBook 1.6.4 Reflected Cross-Site Scripting via URL Parameter
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...
JLex GuestBook 跨站脚本漏洞
JLex GuestBook is a visitor message board component of JLexArt open source. A cross-site scripting vulnerability exists in JLex GuestBook version 1.6.4, which stems from the presence of reflective cross-site scripting in the q URL parameter, which could lead to the injection of malicious script...
PT-2025-51300
Name of the Vulnerable Software and Affected Versions JLex GuestBook version 1.6.4 Description The software contains a reflected cross-site scripting issue in the q URL parameter. This allows attackers to inject malicious scripts. Attackers can create malicious links with XSS payloads to...
CVE-2025-40700
Reflected Cross-Site Scripting XSS in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such a...
CVE-2025-40700 Reflected Cross-Site Scripting (XSS) in Governalia by IDI Eikon
Reflected Cross-Site Scripting XSS in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such a...
CVE-2025-20379
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...
CVE-2025-20379 Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...
CVE-2025-20379 Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63543
CVE-2025-63543 affects TechStore 1.0 with an unvalidated q parameter in the /search_results endpoint, enabling Cross-Site Scripting (XSS). Public sources across Red Hat, NVD, CNNVD, EUVD, CVE/CVEList, and Vuln enrichment consistently describe a reflected/stored-like XSS concern tied to the search...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-12267
A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used...
PT-2025-43934
Name of the Vulnerable Software and Affected Versions abhicodebox ModernShop version 20250922 Description A flaw exists in the processing of the /search file within abhicodebox ModernShop. Manipulation of the q argument can lead to cross site scripting, potentially allowing for remote attacks. Th...
EUVD-2020-14965
Malware in sbrugna...
EUVD-2025-32551
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...