411 matches found

BDU FSTEC
added 2024/08/27 12:00 a.m. · 1 view

The vulnerability of the Calltouch analytics service lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary scripts.

The vulnerability of the Calltouch analytics service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts remotely...

7.8 CVSS · 5.8 AI score
Exploits 0 · Affected Software 1

BDU FSTEC
added 2024/08/19 12:00 a.m. · 1 view

The vulnerability of the sysinfo.cgi script implemented in the Webmin hosting control panel allows a hacker to execute arbitrary scripts.

The vulnerability in the sysinfo.cgi script of the Webmin hosting panel exists because measures are not taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts remotely...

5.5 CVSS · 7.8 AI score · 0.0024 EPSS
Exploits 0 · References 4 · Affected Software 2

Positive Technologies
added 2024/07/24 12:00 a.m. · 3 views

PT-2024-5256 · Ibm · Ibm Security Directory Integrator +1

Name of the Vulnerable Software and Affected Versions:
IBM Security Directory Integrator version 7.2.0
IBM Security Verify Directory Integrator version 10.0.0
Description: The issue is related to stored cross-site scripting in the web interface of the affected software, allowing users to embed...

7.1 CVSS · 6.7 AI score · 0.0026 EPSS
Exploits 0 · References 9

VulnCheck KEV
added 2024/07/16 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2016-4945

Cross-site scripting (XSS) vulnerability in vpn/js/gatewayloginformview.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSCTMAC cookie...

6.1 CVSS · 5.9 AI score · 0.00617 EPSS
Exploits 1 · References 1

CNNVD
added 2024/06/13 12:00 a.m. · 1 view

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS · 6.6 AI score · 0.01714 EPSS
Exploits 0 · References 2

CNNVD
added 2024/05/24 12:00 a.m. · 1 view

WordPress plugin WP Booking Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

4.7 CVSS · 6 AI score · 0.00187 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/04/11 12:00 a.m. · 6 views

PT-2024-23651 · Unknown · Rageframe2

Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43
Description: A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload drive parameter...

6.1 CVSS · 6.4 AI score · 0.00114 EPSS
Exploits 1 · References 4

Prion
added 2024/02/07 12:15 a.m. · 22 views

Cross site scripting

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts...

4.3 CVSS · 6.3 AI score · 0.00097 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/02/06 12:00 a.m. · 3 views

PT-2024-15935 · Tenable · Tenable Nessus

Name of the Vulnerable Software and Affected Versions: Tenable Nessus (affected versions not specified)
Description: A stored XSS issue exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, leading to the execution ...

4.8 CVSS · 5 AI score · 0.00097 EPSS
Exploits 0 · References 6

CNNVD
added 2024/02/06 12:00 a.m. · 3 views

Tenable Network Security Nessus Cross-Site Scripting Vulnerability

Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. Nessus suffers from a cross-site scripting vulnerability. A remote attacker exploiting this vulnerability may be able to change Nessus proxy settings, which could lead to the executi...

4.8 CVSS · 6.4 AI score · 0.00097 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2023/12/04 12:00 a.m. · 1 view

The vulnerability of the bumsys business management system, related to the remote execution of PHP files, allows a hacker to execute arbitrary code.

The vulnerability of the bumsys business management system is related to the remote execution of PHP files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests...

8.5 CVSS · 8.1 AI score · 0.00655 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2023/11/05 12:00 a.m. · 1 view

PT-2023-9189 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions:
Redmine versions prior to 4.2.11
Redmine versions 5.0.x prior to 5.0.6
Description: The issue is related to a lack of protection for the web page structure in the Thumbnails component of the Redmine web application, allowing for cross-site...

6.4 CVSS · 6.1 AI score · 0.00542 EPSS
Exploits 0 · References 24

BDU FSTEC
added 2023/11/03 12:00 a.m. · 1 view

The vulnerability of the Invoice Edit Page of the Bitrix24 business management service allows an attacker to perform XSS attacks.

The vulnerability of the Invoice Edit Page of the Bitrix24 business management service relates to the failure to take measures to neutralize the script in the web page’s attributes. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

9 CVSS · 7.6 AI score · 0.00606 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2023/11/01 5:15 p.m. · 2 views

CVE-2023-20005

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due...

6.1 CVSS · 6 AI score
Exploits 0 · References 1

OSV
added 2023/08/21 9:15 a.m. · 2 views

CVE-2023-39543

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product...

6.1 CVSS · 6 AI score
Exploits 0 · References 3

Positive Technologies
added 2023/08/14 12:00 a.m. · 2 views

PT-2023-7523 · Aleos · Aleos

Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier
Description: The issue is related to the ACEManager component of the ALEOS operating system, which does not validate uploaded file names and types. This could potentially allow an authenticated user to perform...

7.5 CVSS · 5.8 AI score · 0.00004 EPSS
Exploits 0 · References 8

Positive Technologies
added 2023/04/27 12:00 a.m. · 3 views

PT-2023-19816 · Unknown · Sunnet Ctms

Name of the Vulnerable Software and Affected Versions: SUNNET CTMS (affected versions not specified)
Description: The issue is related to a path traversal vulnerability within the file uploading function of SUNNET CTMS. This allows an authenticated remote attacker with general user privileges to...

8.8 CVSS · 8.6 AI score · 0.00767 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/04/21 12:00 a.m. · 3 views

PT-2023-3048 · Dassault Systèmes · Delmia Apriso

Name of the Vulnerable Software and Affected Versions: DELMIA Apriso versions Release 2017 through Release 2022
Description: The issue is related to a reflected cross-site scripting (XSS) vulnerability. This vulnerability can be exploited by a remote attacker to execute arbitrary script code,...

6.4 CVSS · 6.3 AI score · 0.00444 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/04/11 12:00 a.m. · 3 views

PT-2023-21172 · Sap · Sap Diagnostic Agent

Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720
Description: The EventLogServiceCollector of SAP Diagnostics Agent is affected by missing authentication and input sanitization of code, allowing an attacker to execute malicious scripts on all connected...

10 CVSS · 9.5 AI score · 0.00353 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/03/14 12:00 a.m. · 4 views

PT-2023-2115 · Aruba · Clearpass Policy Manager

Name of the Vulnerable Software and Affected Versions: ClearPass Policy Manager (affected versions not specified)
Description: The issue concerns a reflected cross-site scripting (XSS) attack within the web-based management interface of ClearPass Policy Manager. This could allow a remote attacker to...

7.5 CVSS · 6.4 AI score · 0.00213 EPSS
Exploits 0 · References 4