6714 matches found

Positive Technologies
added 2024/03/14 12:0 a.m. · 3 views

PT-2024-18390 · Papercut · Papercut Ng/Mf

Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF affected versions not specified
Description: This is a reflected cross-site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a...

CVSS 6.3 · AI score 6.2 · EPSS 0.61472
Exploits: 0 · References: 8

OSV
added 2024/03/12 8:15 a.m. · 2 views

CVE-2024-21584

Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user...

CVSS 6.1 · AI score 6.2
Exploits: 0 · References: 2

Positive Technologies
added 2024/03/07 12:0 a.m. · 3 views

PT-2024-11732 · Unknown · Online Flight Booking Management System

Name of the Vulnerable Software and Affected Versions: Online Flight Booking Management System version 1.0
Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter in the add-airline form. This enables the execution...

CVSS 6.1 · AI score 8 · EPSS 0.00386
Exploits: 0 · References: 4

CNNVD
added 2024/03/07 12:0 a.m. · 3 views

School Fees Management System Security Breach

School Fees Management System is a tuition management system. A security vulnerability exists in School Fees Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload that injects the name parameter...

CVSS 4.7 · AI score 6.7 · EPSS 0.00471
Exploits: 1 · References: 3

OSV
added 2024/03/06 5:15 p.m. · 1 views

CVE-2024-20337

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVSS 8.2 · AI score 6.1 · EPSS 0.29906
Exploits: 0 · References: 1

OSV
added 2024/03/06 11:12 a.m. · 26 views

BIT-WORDPRESS-2020-11026 Specially crafted filenames in WordPress leading to XSS

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previousl...

CVSS 8.7 · AI score 6.5 · EPSS 0.02092
Exploits: 0 · References: 5

OSV
added 2024/03/06 11:11 a.m. · 23 views

BIT-WORDPRESS-2020-4046 Authenticated XSS through embed block in WordPress

In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin...

CVSS 5.4 · AI score 5.5 · EPSS 0.02359
Exploits: 0 · References: 7

OSV
added 2024/03/06 11:11 a.m. · 24 views

BIT-WORDPRESS-MULTISITE-2020-4046 Authenticated XSS through embed block in WordPress

In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin...

CVSS 5.4 · AI score 5.5 · EPSS 0.02359
Exploits: 0 · References: 7

OSV
added 2024/03/06 11:2 a.m. · 16 views

BIT-PHPLIST-2020-36398

A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module...

CVSS 5.4 · AI score 5.6 · EPSS 0.00522
Exploits: 1 · References: 1

OSV
added 2024/03/06 10:50 a.m. · 15 views

BIT-ARGO-WORKFLOWS-2022-29164 Privilege Escalation in argo-workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

CVSS 7.1 · AI score 6.5 · EPSS 0.00842
Exploits: 0 · References: 4

Vulnrichment
added 2024/03/06 12:0 a.m. · 13 views

CVE-2023-49971

A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...

AI score 5.9 · EPSS 0.00433
Exploits: 1 · References: 2

CNNVD
added 2024/03/06 12:0 a.m. · 2 views

Customer Support System Cross-Site Scripting Vulnerability

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...

CVSS 6.1 · AI score 6.2 · EPSS 0.00433
Exploits: 1 · References: 3

Cvelist
added 2024/03/04 7:17 a.m. · 19 views

CVE-2023-4479 Stored XSS Vulnerability in M-Files Web

Stored XSS vulnerability in M-Files Web versions before 23.8 allows an attacker to execute script on a user's browser via a stored HTML document within a limited time period...

CVSS 7.3 · AI score 6.8 · EPSS 0.00436
Exploits: 0 · References: 2

OpenVAS
added 2024/03/04 12:0 a.m. · 15 views

openSUSE: Security Advisory for libreoffice (SUSE-SU-2023:4932-1)

The remote host is missing an update for the...

CVSS 8.8 · AI score 8.9 · EPSS 0.01017
Exploits: 0 · References: 2

NVD
added 2024/03/01 11:15 p.m. · 9 views

CVE-2024-25436

A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

CVSS 6.1 · AI score 5.6 · EPSS 0.00443
Exploits: 1 · References: 2

Prion
added 2024/03/01 11:15 p.m. · 12 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

AI score 6.1 · EPSS 0.00443
Exploits: 1 · References: 2

Japan Vulnerability Notes
added 2024/02/29 12:0 a.m. · 17 views

JVN#78084105: OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting

OpenPNE plugin "opTimelinePlugin" provided by OpenPNE Project contains a stored cross-site scripting vulnerability (CWE-79) in Edit Profile page.
Impact: On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed ...

CVSS 5.4 · AI score 5.6 · EPSS 0.0034
Exploits: 0

CNNVD
added 2024/02/28 12:0 a.m. · 4 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server version 11.7,...

CVSS 6.1 · AI score 5.9 · EPSS 0.00394
Exploits: 0 · References: 3

CNNVD
added 2024/02/27 12:0 a.m. · 4 views

Bonitasoft Cross-Site Scripting Vulnerability

Bonitasoft is an open source BPM software from Bonitasoft. A cross-site scripting vulnerability exists in Bonitasoft version v.7.14, which originates from a vulnerability that allows an attacker to execute arbitrary scripts via the Groups Display name field using a crafted payload...

CVSS 6.1 · AI score 6.5 · EPSS 0.00527
Exploits: 1 · References: 2

Positive Technologies
added 2024/02/27 12:0 a.m. · 4 views

PT-2024-21392 · Zhimengzhe · Ibarn

Name of the Vulnerable Software and Affected Versions: zhimengzhe iBarn version 1.5
Description: A reflected cross-site scripting (XSS) vulnerability allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in "offer.php". This issue enables attacker...

CVSS 5.4 · AI score 5.4 · EPSS 0.0046
Exploits: 0 · References: 6