Ampache 安全漏洞

Ampache is a web-based audio/video application and file manager. A cross-site scripting vulnerability exists in Ampache 6.2.1 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in /preferences.php?action=adminupdatepreferences, which can be...

IBM QRadar SIEM 跨站脚本漏洞

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

CVE-2024-28034

Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using Mini Thread Version 3.33βi...

CVE-2024-28034

The CVE-2024-28034 entry describes a cross-site scripting (CWE-79) vulnerability in Mini Thread Version 3.33βi. An arbitrary script could be executed in the browser of users visiting a site that uses this product. The focal product is Mini Thread 3.33βi; the root cause and exact vulnerable compon...

Mini Thread vulnerable to cross-site scripting

Overview Mini Thread provided by Flash CGI according to the original report submitted by the reporter is a CGI script for creating a bulletin board system BBS. Mini Thread contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of...

PT-2024-21278 · Tvrock · Tvrock

Name of the Vulnerable Software and Affected Versions: TvRock version 0.9t8a Description: A cross-site scripting vulnerability exists, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was unreachable, and users...

TvRock 安全漏洞

TvRock is a tool for setting timers to record for television programs from TvRock, Inc. A security vulnerability exists in TvRock version 0.9t8a, which originates from a vulnerability that allows an attacker to execute arbitrary scripts on the web browser of a user who visits a website that uses...

Zerochannel 0ch BBS Script 安全漏洞

Zerochannel 0ch BBS Script is a bulletin board software from Zerochannel, Inc. A security vulnerability exists in Zerochannel 0ch BBS Script version ver.4.00, which originated from a vulnerability that allows an attacker to execute arbitrary scripts on the web browser of a user who visits a web...

JVN#46874970: 0ch BBS Script (0ch) vulnerable to cross-site scripting

0ch BBS Script 0ch according to the original report submitted by the reporter provided by Zerochannel according to the original report submitted by the reporter is bulletin board software. 0ch BBS Script 0ch contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be...

Testimonial Slider < 2.3.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Testimonial Shortcode" 2. Ad...

OneBlog Lab Module Cross-Site Scripting Vulnerability

OneBlog is a Java blog. OneBlog v2.3.4 version of a cross-site scripting vulnerability , the vulnerability stems from the Lab module under the Category List parameter of the user-supplied data lack of effective filtering and escaping , an attacker can exploit the vulnerability by injecting a...

GeoServer 安全漏洞

GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. A cross-site scripting vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective filtering and escaping of user-supplied...

TOTOLINK X2000R 安全漏洞

TOTOLINK X2000R is a WiFi 6 router from China's Gion Electronics that supports Gigabit network and Easy Mesh features with multi-device connectivity and wireless expansion capabilities. The TOTOLINK X2000R suffers from a cross-site scripting vulnerability that stems from the application's lack of...

PT-2025-18295 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 15.9-rc-1 through 15.10.8 XWiki versions 16.0.0-rc-1 through 16.2.0 Description: XWiki is a generic wiki platform. The required rights analysis does not consider TextAreas with default content type, allowing a user to put...

CVE-2024-26062

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26052

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26051

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

FitNesse Cross-site Scripting vulnerability

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

CVE-2024-23604

Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...

FitNesse Security Breach

FitNesse is a fully integrated standalone wiki and acceptance testing framework. A security vulnerability exists in versions prior to FitNesse 20220319, which stems from a cross-site scripting vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary scripts on a...