CVE-2024-33528

A Stored Cross-site Scripting XSS vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload...

Computer Laboratory Management System 安全漏洞

Computer Laboratory Management System is a computer laboratory management system. A security vulnerability exists in Sourcecodester Computer Laboratory Management System version 1.0, which originates from a cross-site scripting vulnerability that allows remote attackers to inject arbitrary web...

VulnCheck KEV: CVE-2020-23814

Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file...

PT-2024-4456 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier Description: The issue is related to insufficient protection of the web page structure, which can be exploited by a remote attacker to execute arbitrary code. A stored Cross-Site Scripting...

Totara LMS Cross-Site Scripting Vulnerability

Totara LMS is a learning management system from Totara. A cross-site scripting vulnerability exists in Totara LMS version 18.0.1 Build 20231128.01, which stems from the fact that admin/roles/check.php in the component Profile Handler contains some unknown functions that lead to cross-site scripti...

CVE-2024-3841

Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. Chromium security severity: Medium...

PT-2024-23651 · Unknown · Rageframe2

Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43 Description: A cross-site scripting XSS issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload drive parameter...

CVE-2024-2778

A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched...

CVE-2024-22936

Cross-site scripting XSS vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

CVE-2024-26269

Cross-site scripting XSS vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Cross site scripting

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts...

PT-2024-15935 · Tenable · Tenable Nessus

Name of the Vulnerable Software and Affected Versions: Tenable Nessus affected versions not specified Description: A stored XSS issue exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, leading to the execution ...

Tenable Network Security Nessus Cross-Site Scripting Vulnerability

Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. Nessus suffers from a cross-site scripting vulnerability. A remote attacker exploiting this vulnerability may be able to change Nessus proxy settings, which could lead to the executi...

Group Office CRM 安全漏洞

Group Office CRM is a software application. Share projects, calendars, files and emails with colleagues and clients online. Easy to use and fully customizable. A security vulnerability exists in Group Office CRM versions prior to v6.6.182, prior to v6.7.64, and prior to v6.8.31. A remote attacker...

CVE-2023-51946

Multiple reflected cross-site scripting XSS vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML...

GHSA-859H-4W58-78XW Cross-site Scripting in JFinal

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML...

CVE-2024-22492

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML...