4545 matches found
CVE-2023-39938
Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script...
Webmin Usermin Cross-Site Scripting Vulnerability
Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A security vulnerability in Webmin Usermin version 2.000, which originates from a cross-site scripting (XSS) vulnerability in the File Manager tab, allows remote...
CVE-2023-39543
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product...
PT-2023-7523 · Aleos · Aleos
Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier Description: The issue is related to the ACEManager component of the ALEOS operating system, which does not validate uploaded file names and types. This could potentially allow an authenticated user to perform...
PT-2023-7963 · NetGear · Netgear Prosafe Network Management System
Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System affected versions not specified Description: The issue is related to the saveNodeLabel method in the NETGEAR ProSAFE Network Management System, which lacks proper validation of user-supplied data. Thi...
G3W-SUITE Cross-Site Scripting Vulnerability
G3W-SUITE is an open source framework built using Django and VueJs. A security vulnerability exists in G3W-SUITE version 3.5 that allows remote users to inject arbitrary web script or HTML and gain privileges via the description parameter...
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work ...
CVE-2023-34666
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter...
GHSA-QXF6-MP24-52CV Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL...
HotelDruid Cross-Site Scripting Vulnerability
HotelDruid is a hotel management system by the Digitaldruid.net team. The system includes features such as room management, financial management and inventory management. A cross-site scripting vulnerability exists in HotelDruid version 3.0.5. A remote attacker can exploit this vulnerability to...
CVE-2023-27923
Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...
Schweitzer Engineering Laboratories Real Time Automation Controller Cross-Site Scripting Vulnerability
Schweitzer Engineering Laboratories Real Time Automation Controller (SEL RTAC) is a powerful and versatile automation platform from Schweitzer Engineering Laboratories. A security vulnerability exists in the Schweitzer Engineering Laboratories Real Time Automation Controller that originates from...
apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults
A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...
CVE-2023-29772
A cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...
PT-2023-19816 · Unknown · Sunnet Ctms
Name of the Vulnerable Software and Affected Versions: SUNNET CTMS affected versions not specified Description: The issue is related to a path traversal vulnerability within the file uploading function of SUNNET CTMS. This allows an authenticated remote attacker with general user privileges to...
PT-2023-12114
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description: The issue allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link. This is a cross-site scripting (XSS)...
PT-2023-12553 · Odoo · Odoo Community +1
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description: The issue allows remote attackers to inject arbitrary web script in the browser of a victim via crafted uploaded file names. This is a cross-site...
PT-2023-3048 · Dassault Systèmes · Delmia Apriso
Name of the Vulnerable Software and Affected Versions: DELMIA Apriso versions Release 2017 through Release 2022 Description: The issue is related to a reflected cross-site scripting (XSS) vulnerability. This vulnerability can be exploited by a remote attacker to execute arbitrary script code,...
SUSE CVE-2006-2759
Jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations...
PT-2023-21172 · Sap · Sap Diagnostic Agent
Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720 Description: The EventLogServiceCollector of SAP Diagnostics Agent is affected by missing authentication and input sanitization of code, allowing an attacker to execute malicious scripts on all connected...