Webmin Usermin 跨站脚本漏洞

Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A security vulnerability in webmin Usermin version 2.000, which originates from a cross-site scripting XSS vulnerability in the File Manager tab, allows remote...

PT-2023-7963 · NetGear · Netgear Prosafe Network Management System

Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System affected versions not specified Description: The issue is related to the saveNodeLabel method in the NETGEAR ProSAFE Network Management System, which lacks proper validation of user-supplied data. Thi...

G3W-SUITE 跨站脚本漏洞

G3W-SUITE is G3W-SUITE open source a framework built using Django and VueJs . A security vulnerability exists in G3W-SUITE version 3.5 that allows remote users to inject arbitrary web script or HTML and gain privileges via the description parameter...

GHSA-QXF6-MP24-52CV Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module

Cross-site scripting XSS vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the comliferaylayoutadminwebportletGroupPagesPortletbackURL...

HotelDruid 跨站脚本漏洞

HotelDruid is a hotel management system by the Digitaldruid.net team. The system includes features such as room management, financial management and inventory management. A cross-site scripting vulnerability exists in HotelDruid version 3.0.5. A remote attacker can exploit this vulnerability to...

CVE-2023-27923

Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...

Schweitzer Engineering Laboratories Real Time Automation Controller 跨站脚本漏洞

Schweitzer Engineering Laboratories Real Time Automation Controller SEL RTAC is a powerful and versatile automation platform from Schweitzer Engineering Laboratories. A security vulnerability exists in the Schweitzer Engineering Laboratories Real Time Automation Controller that originates from...

CVE-2023-29772

A Cross-site scripting XSS vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...

PT-2023-12114

Name of the Vulnerable Software and Affected Versions Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description The issue allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link. This is a cross-site scripting XSS...

PT-2023-12553 · Odoo · Odoo Community +1

Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description: The issue allows remote attackers to inject arbitrary web script in the browser of a victim via crafted uploaded file names. This is a cross-site...

CVE-2023-20140 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...

CVE-2022-38220

An XSS vulnerability exists within Quest KACE Systems Management Appliance SMA through 12.1 that may allow remote injection of arbitrary web script or HTML...

Quest KACE Systems Management Appliance 跨站脚本漏洞

Quest Software Quest KACE Systems Management Appliance is an IT asset management appliance from Quest Software, USA. A security vulnerability exists in Quest KACE Systems Management Appliance SMA version 12.1 and earlier. An attacker can exploit this vulnerability to remotely inject arbitrary web...

CVE-2022-38220

An XSS vulnerability exists within Quest KACE Systems Management Appliance SMA through 12.1 that may allow remote injection of arbitrary web script or HTML...

SUSE CVE-2005-2453

Cross-site scripting XSS vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string...

SUSE CVE-2005-3301

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to 1 left.php, 2 queryframe.php, or 3 serverdatabases.php...

SUSE CVE-2005-3425

Cross-site scripting XSS vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424...

SUSE CVE-2005-3665

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPHOST variable and 2 various scripts in the libraries directory that handle header generation...

SUSE CVE-2007-1055

Cross-site scripting XSS vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177...

SUSE CVE-2007-2245

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the fieldkey parameter to browseforeigners.php or 2 certain input to the PMAsanitize function...