
Github Security Blog
added 2024/10/22 6:32 p.m.

Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console

The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently...

CVSS 9.6 · AI score 6.6 · EPSS 0.00218
Exploits 0 · References 3 · Affected Software 2
Positive Technologies
added 2024/10/16 12:00 a.m.

PT-2024-7341 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter

Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Series Analog Telephone Adapter firmware affected versions not specified Description: The vulnerability is related to insufficient validation of user input in the web-based management interface, allowing an unauthenticated, remo...

CVSS 6.4 · AI score 6.4 · EPSS 0.0031
Exploits 0 · References 8
OSV
added 2024/09/07 9:45 p.m.

MAL-2024-12238 Malicious code in cobo-custdy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cd0d754c7d09b395a490411bfdba9006309e5227c634e9946f4612de907de0d0 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...

AI score 7.5
Exploits 0 · References 1
NVD
added 2024/08/28 12:15 p.m.

CVE-2024-6449

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

CVSS 6.5 · EPSS 0.0035
Exploits 0 · References 2
BDU FSTEC
added 2024/08/27 12:00 a.m.

The vulnerability of the Calltouch analytics service lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary scripts.

The vulnerability of the Calltouch analytics service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts remotely...

CVSS 7.8 · AI score 5.8
Exploits 0 · Affected Software 1
BDU FSTEC
added 2024/08/19 12:00 a.m.

The vulnerability of the sysinfo.cgi script implemented in the Webmin hosting control panel allows a hacker to execute arbitrary scripts.

The vulnerability in the sysinfo.cgi script of the Webmin hosting panel exists because measures are not taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts remotely...

CVSS 5.5 · AI score 7.8 · EPSS 0.00285
Exploits 0 · References 4 · Affected Software 2
Positive Technologies
added 2024/07/24 12:00 a.m.

PT-2024-5256 · Ibm · Ibm Security Directory Integrator +1

Name of the Vulnerable Software and Affected Versions: IBM Security Directory Integrator version 7.2.0 IBM Security Verify Directory Integrator version 10.0.0 Description: The issue is related to stored cross-site scripting in the web interface of the affected software, allowing users to embed...

CVSS 7.1 · AI score 6.7 · EPSS 0.00267
Exploits 0 · References 9
VulnCheck KEV
added 2024/07/16 12:00 a.m.

VulnCheck KEV: CVE-2016-4945

Cross-site scripting (XSS) vulnerability in vpn/js/gatewayloginformview.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSCTMAC cookie...

CVSS 6.1 · AI score 5.9 · EPSS 0.01372
Exploits 1 · References 1
CNNVD
added 2024/06/13 12:00 a.m.

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.6 · EPSS 0.00771
Exploits 0 · References 2
CNNVD
added 2024/05/24 12:00 a.m.

WordPress plugin WP Booking Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.7 · AI score 6 · EPSS 0.0037
Exploits 0 · References 5
Positive Technologies
added 2024/04/11 12:00 a.m.

PT-2024-23651 · Unknown · Rageframe2

Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43 Description: A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload drive parameter...

CVSS 6.1 · AI score 6.4 · EPSS 0.00408
Exploits 1 · References 4
Prion
added 2024/02/07 12:15 a.m.

Cross site scripting

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts...

CVSS 4.3 · AI score 6.3 · EPSS 0.00561
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/02/06 12:00 a.m.

Tenable Network Security Nessus Cross-Site Scripting Vulnerability

Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. Nessus suffers from a cross-site scripting vulnerability. A remote attacker exploiting this vulnerability may be able to change Nessus proxy settings, which could lead to the executi...

CVSS 4.8 · AI score 6.4 · EPSS 0.00561
Exploits 0 · References 4
Positive Technologies
added 2024/02/06 12:00 a.m.

PT-2024-15935 · Tenable · Tenable Nessus

Name of the Vulnerable Software and Affected Versions: Tenable Nessus affected versions not specified Description: A stored XSS issue exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, leading to the execution ...

CVSS 4.8 · AI score 5 · EPSS 0.00561
Exploits 0 · References 6
BDU FSTEC
added 2023/12/04 12:00 a.m.

The vulnerability of the bumsys business management system, related to the remote execution of PHP files, allows a hacker to execute arbitrary code.

The vulnerability of the bumsys business management system is related to the remote execution of PHP files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests...

CVSS 8.5 · AI score 8.1 · EPSS 0.01914
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2023/11/05 12:00 a.m.

PT-2023-9189 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.2.11 Redmine versions 5.0.x prior to 5.0.6 Description: The issue is related to a lack of protection for the web page structure in the Thumbnails component of the Redmine web application, allowing for cross-site...

CVSS 6.4 · AI score 6.1 · EPSS 0.00397
Exploits 0 · References 24
BDU FSTEC
added 2023/11/03 12:00 a.m.

The vulnerability of the Invoice Edit Page of the Bitrix24 business management service allows an attacker to perform XSS attacks.

The vulnerability of the Invoice Edit Page of the Bitrix24 business management service relates to the failure to take measures to neutralize the script in the web page’s attributes. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVSS 9 · AI score 7.6 · EPSS 0.00715
Exploits 1 · References 2 · Affected Software 1
OSV
added 2023/11/01 5:15 p.m.

CVE-2023-20005

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due...

CVSS 6.1 · AI score 6
Exploits 0 · References 1
OSV
added 2023/08/21 9:15 a.m.

CVE-2023-39543

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product...

CVSS 6.1 · AI score 6
Exploits 0 · References 3
Positive Technologies
added 2023/08/14 12:00 a.m.

PT-2023-7523 · Aleos · Aleos

Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier Description: The issue is related to the ACEManager component of the ALEOS operating system, which does not validate uploaded file names and types. This could potentially allow an authenticated user to perform...

CVSS 7.5 · AI score 5.8 · EPSS 0.00482
Exploits 0 · References 8