
934 matches found

CNNVD
added 2024/08/23 12:00 a.m. · 1 view

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 5.2 · EPSS 0.02635
Exploits: 0 · References: 2

Positive Technologies
added 2024/08/18 12:00 a.m. · 2 views

PT-2024-30494 · Unknown · Invite Anyone

Name of the Vulnerable Software and Affected Versions: Invite Anyone versions 1.4.7 and earlier
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Reflected XSS.
Recommendations: For versions 1.4.7...

CVSS 7.1 · AI score 5.7 · EPSS 0.00275
Exploits: 0 · References: 10

Positive Technologies
added 2024/08/16 12:00 a.m. · 2 views

PT-2024-7656 · JetBrains · TeamCity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.07.1
Description: The issue is related to a reflected Cross Site Scripting (XSS) vulnerability on the agentPushPreset page. This vulnerability exists due to inadequate protection of the web page...

CVSS 6.1 · AI score 5.8 · EPSS 0.00531
Exploits: 0 · References: 7

OSV
added 2024/08/12 1:38 p.m. · 1 view

CVE-2024-6134

The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2024/08/12 12:00 a.m. · 1 view

PHPGurukul Old Age Home Management System Security Vulnerability

PHPGurukul Old Age Home Management System is a nursing home management system from PHPGurukul, Inc. A security vulnerability exists in version v1.0 of the PHPGurukul Old Age Home Management System, which stems from a Reflected Cross-Site Scripting (XSS) vulnerability in the searchdata parameter of...

CVSS 6.1 · AI score 5.7 · EPSS 0.00453
Exploits: 1 · References: 2

OSV
added 2024/08/07 6:15 p.m. · 0 views

CVE-2024-41242

A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/studentlogin.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter...

CVSS 6.1 · AI score 6.1
Exploits: 0 · References: 2

CNNVD
added 2024/08/07 12:00 a.m. · 2 views

Kashipara Responsive School Management System Security Vulnerability

Kashipara Responsive School Management System is a school management system from Kashipara. A security vulnerability exists in Kashipara Responsive School Management System version v3.2.0, which originates from a reflected cross-site scripting vulnerability contained in the /smsa/teacherlogin.php...

CVSS 6.3 · AI score 6.1 · EPSS 0.00174
Exploits: 1 · References: 2

OSV
added 2024/07/30 6:15 a.m. · 0 views

CVE-2024-6223

The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2024/07/29 4:15 p.m. · 0 views

UBUNTU-CVE-2024-41810

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site...

CVSS 6.1 · AI score 7.3 · EPSS 0.67844
Exploits: 0 · References: 4

OSV
added 2024/07/29 1:15 p.m. · 0 views

CVE-2024-6124

Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session...

CVSS 5.4 · AI score 6.1 · EPSS 0.00349
Exploits: 0 · References: 3

OSV
added 2024/07/29 6:15 a.m. · 0 views

CVE-2024-5883

The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 4.7 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2024/07/22 10:15 a.m. · 1 view

CVE-2024-37211

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS. This issue affects Ali2Woo Lite: from n/a through 3.3.5...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2024/07/22 9:15 a.m. · 0 views

CVE-2024-37245

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS. This issue affects All In One Redirection: from n/a through 2.2.0...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2024/07/15 6:15 a.m. · 3 views

CVE-2024-6074

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 5.8 · EPSS 0.00273
Exploits: 1 · References: 1

OSV
added 2024/07/15 6:15 a.m. · 1 view

CVE-2024-6073

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 5.8 · EPSS 0.00174
Exploits: 1 · References: 1

Positive Technologies
added 2024/07/15 12:00 a.m. · 2 views

PT-2024-37365 · WordPress · wp-cart-for-digital-products

Name of the Vulnerable Software and Affected Versions: wp-cart-for-digital-products versions prior to 8.5.5
Description: The issue concerns the wp-cart-for-digital-products WordPress plugin, where it fails to escape the REQUEST URI parameter before outputting it back in an attribute. This could...

CVSS 6.1 · AI score 6.6 · EPSS 0.00216
Exploits: 1 · References: 6

Positive Technologies
added 2024/07/15 12:00 a.m. · 2 views

PT-2024-37838 · AguardNet Technology · AguardNet Technology's Space Management System

Name of the Vulnerable Software and Affected Versions: AguardNet Technology's Space Management System (affected versions not specified)
Description: The issue is related to improper filtering of user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected...

CVSS 5.4 · AI score 6.8 · EPSS 0.00167
Exploits: 0 · References: 5

OSV
added 2024/06/28 1:15 p.m. · 2 views

CVE-2024-3801

Sites managed in S@M CMS Concept Intermedia might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears...

CVSS 6.1 · AI score 5.8 · EPSS 0.00324
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/28 12:00 a.m. · 2 views

PT-2024-27875 · Concept Intermedia · S@M CMS

Name of the Vulnerable Software and Affected Versions: S@M CMS Concept Intermedia (affected versions not specified)
Description: The issue concerns a Reflected XSS vulnerability that can be exploited by including scripts in one of the GET header parameters. It is noted that only a part of the...

CVSS 6.1 · AI score 6.1 · EPSS 0.00528
Exploits: 0 · References: 3

CNNVD
added 2024/06/28 12:00 a.m. · 2 views

Concept Intermedia S@M CMS Security Vulnerability

Concept Intermedia S@M CMS is a content management system from Concept Intermedia, Inc. A security vulnerability exists in Concept Intermedia S@M CMS version 3.3 and earlier, which stems from the inclusion of script in the parameters of a request via GET, resulting in a reflected cross-site...

CVSS 6.1 · AI score 6.2 · EPSS 0.00528
Exploits: 0 · References: 3