296 matches found
PT-2023-9950 · Unknown · Kau-Boy Backend Localization Plugin
Name of the Vulnerable Software and Affected Versions: Kau-Boy Backend Localization Plugin versions up to 1.6.1 Description: The issue affects the processing of the file backend localization.php, leading to cross-site scripting. The attack can be initiated remotely. Recommendations: For versions ...
PT-2023-10280 · WordPress · Google Analytics Top Content Widget Plugin
Name of the Vulnerable Software and Affected Versions: Google Analytics Top Content Widget Plugin versions up to 1.5.6 Description: A vulnerability was found in the Google Analytics Top Content Widget Plugin, affecting an unknown functionality of the file class-tgm-plugin-activation.php. The...
PT-2023-2605 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: A vulnerability was found in the Web Management Interface of Netgear SRX5308, due to insufficient input validation. This allows a remote attacker to conduct a cross-site scripting attack by...
PT-2023-17254 · Sourcecodester · Sourcecodester Employee Payslip Generator
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee Payslip Generator version 1.0 Description: A problematic vulnerability has been found in the Create News Handler component of the SourceCodester Employee Payslip Generator. The issue is related to an unknown function o...
CVE-2023-1635
A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was...
PT-2023-17118 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.2.3 Description: A vulnerability has been found in Rebuild, affecting unknown code of the file /feeds/post/publish, leading to cross site scripting. The attack can be initiated remotely. Recommendations: For Rebuild...
CVE-2023-1275
A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross...
PT-2023-10274 · WordPress · Woo-Popup
Name of the Vulnerable Software and Affected Versions: woo-popup Plugin versions up to 1.2.2 Description: A problematic vulnerability has been found in the woo-popup Plugin on WordPress, affecting an unknown part of the file admin/class-woo-popup-admin.php. This issue leads to cross-site scriptin...
CVE-2023-0945
A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input " leads to cross site scripting. It is possible to launch...
SUSE CVE-2009-4976
Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536...
SUSE CVE-2012-5837
The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...
SUSE CVE-2013-5784
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING...
SUSE CVE-2015-2941
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
SUSE CVE-2015-7187
The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension...
SUSE CVE-2016-2833
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet...
ServiceNow San Diego Patch and Rome Patch Cross-Site Scripting Vulnerability
ServiceNow San Diego Patch and ServiceNow Rome Patch are both products of ServiceNow, Inc. ServiceNow San Diego Patch is a series of patches. ServiceNow Rome Patch is an application patch. ServiceNow San Diego Patch and Rome Patch have a security vulnerability that stems from the presence of...
PT-2023-15895 · Unknown · Capsadmin Pac3
Name of the Vulnerable Software and Affected Versions: CapsAdmin PAC3 affected versions not specified Description: A problematic issue was found in CapsAdmin PAC3, affecting some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the url argument leads to...
PT-2023-11814 · Unknown · Jamesmartin Inline Svg
Name of the Vulnerable Software and Affected Versions: jamesmartin Inline SVG versions up to 1.7.1 Description: A vulnerability has been found in the component URL Parameter Handler, specifically in the file lib/inline svg/action view/helpers.rb. The manipulation of the argument filename leads to...
CVE-2022-4601
A vulnerability was found in Shoplazza LifeStyle 1.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/api/theme-edit/ of the component Shipping/Member Discount/Icon. The manipulation leads to cross site scripting. The attack can be initiated remotel...
PT-2022-27705 · Unknown · Shoplazza Lifestyle
Name of the Vulnerable Software and Affected Versions: Shoplazza LifeStyle version 1.1 Description: A problematic issue was found in the Create Product Handler component, affecting an unknown function of the file /admin/api/admin/v2 products. This issue leads to cross-site scripting and can be...