62 matches found
CVE-2023-45540
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...
PT-2023-23733 · Ibm · Ibm Maximo Application Suite +1
Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite versions 8.9 through 8.10 IBM Maximo Asset Management versions 7.6.1.2 through 7.6.1.3 Description: A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web...
SUSE CVE-2006-6942
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) dboperations.php, (2) the db parameter to (b) dbcreate.php, (3) the newname parameter to dboperations.php...
DEBIAN-CVE-2022-4187
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...
docsify Cross-Site Scripting Vulnerability
docsify is a documentation website generator. A cross-site scripting vulnerability exists in docsify versions prior to 4.12.0. The vulnerability stems from the fact that it is possible to bypass the isURL external check by inserting more "////" characters to clean up the HTML code on the homepage...
MGASA-2020-0374 Updated novnc package fixes a security vulnerability
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. CVE-2017-18635...
Yahei-PHP Prober 0.4.7 HTML Injection
Yahei-PHP Prober v0.4.7 speed Remote HTML Injection Vulnerability Vendor: Yahei.Net Product web page: http://www.yahei.net Affected version: 0.4.7 Summary: Detection of system web server operating environment. Desc: Input passed to the GET parameter 'speed' is not properly sanitised before being...
UBUNTU-CVE-2019-5833
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page...
CVE-2019-3562
A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11...
The vulnerability of the onUploadLogPic component of the software controller allows for the insertion of arbitrary HTML code by intruders, enabling them to manipulate wireless networks through the D-Link Central WiFi Manager.
The vulnerability of the onUploadLogPic component of the software controller for D-Link Central WiFi Manager’s centralized wireless network management system is related to insufficient restrictions on file uploads. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML co...
YMFE YApi Cross-Site Scripting Vulnerability
YMFE YApi is a visual interface management platform. A cross-site scripting vulnerability exists in the item name field in YMFE YApi version 1.3.23. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Cross-site scripting vulnerability in multiple IBM products (CNVD-2018-24625)
IBM Rational Collaborative Lifecycle Management (CLM) is a set of collaborative lifecycle management solutions. Rational Quality Manager (RQM) is a set of collaborative, web-based quality management solutions. IBM Rational Collaborative Lifecycle Management CLM is a collaborative lifecycle management...
McAfee Threat Intelligence Exchange Server Code Injection Vulnerability
McAfee Threat Intelligence Exchange (TIE) Server is a set of threat detection and corresponding solutions from the United States company McAfee. The program includes real-time protection, threat detection and endpoint protection. ePolicy Orchestrator (ePO) extension is one of the security managemen...
CVE-2018-4111
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature...
A vulnerability in the Blink rendering module of the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability in the Blink rendering module of Google Chrome browsers is related to incorrect type conversion. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely using a specially crafted HTML page...
Cross-Site Scripting Vulnerability in Multiple EMC Products
EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA Identity Management and Governance are products of EMC Corporation. EMC RSA Identity Governance and Lifecycle is a suite of lifecycle management solutions; EMC RSA Identity Management and Governance (IMG) is a suite...
72119858.hullapp.io XSS vulnerability
Open Bug Bounty ID: OBB-168543. Affected Website: 72119858.hullapp.io; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Che...
Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2016-01170)
SharePoint Server is an integrated suite of server capabilities that provides comprehensive content management and enterprise search, accelerates shared business processes and simplifies information sharing across boundaries. Microsoft SharePoint Foundation 2013 SP1 has a cross-site scripting...
A vulnerability in the Firefox browser that allows a hacker to execute cross-site scripting attacks
The vulnerability in the nsCSPHostSrc::permits function in Firefox exists due to the lack of measures taken to protect web page structures. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code remotely...
Mozilla Firefox OS Cross-Site Scripting Vulnerability (CNVD-2015-05193)
Firefox OS is an open source mobile operating system with a Linux kernel for smartphones. In Mozilla Firefox OS versions prior to 2.2, Gaia's Search application suffers from multiple cross-site scripting vulnerabilities in its implementation. A remote attacker could exploit these vulnerabilities to...