CVE-2023-49488

A cross-site scripting XSS vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter...

CVE-2023-6186 Link targets allow arbitrary script execution

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows a hacker to execute arbitrary scripts and trigger a system reboot.

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—is related to the ability to load files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to execute...

JFinalCMS 安全漏洞

JFinalCMS is a content management system. JFinalCMS v5.0.0 version exists cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the navigation management department, an attacker exploits the vulnerability by injectin...

JFinalCMS 安全漏洞

JFinalCMS is a content management system. JFinalCMS v5.0.0 version exists cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the section management department, an attacker can exploit this vulnerability by injecti...

CVE-2023-49225

A cross-site-scripting vulnerability exists in Ruckus Access Point products ZoneDirector, SmartZone, and AP Solo. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see...

CVE-2023-49225

A cross-site-scripting vulnerability exists in Ruckus Access Point products ZoneDirector, SmartZone, and AP Solo. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see...

CVE-2023-28017

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal...

CVE-2023-34439

Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser...

PT-2023-21483 · Hcl · Hcl Connections

Name of the Vulnerable Software and Affected Versions: HCL Connections affected versions not specified Description: The issue allows an attacker to execute arbitrary script code in the browser of an unsuspecting user after visiting a vulnerable URL, leading to the execution of malicious script...

CVE-2023-40460

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

Design/Logic Flaw

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

CVE-2023-40460 Improper input leads to DoS

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

CVE-2023-40460

CVE-2023-40460 affects the ACEManager component of ALEOS 4.16 and earlier . The vulnerability arises because ACEManager does not validate uploaded file names and types, which could allow an authenticated user to execute client-side scripts within ACEManager and alter device functionality until a ...

The vulnerability of the bumsys business management system, related to the remote execution of PHP files, allows a hacker to execute arbitrary code.

The vulnerability of the bumsys business management system is related to the remote execution of PHP files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests...

IBM InfoSphere Information Server 跨站脚本漏洞

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...

Cross site scripting

A stored cross-site scripting XSS vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&ajax=1&lang=cn...

Cross site scripting

A stored cross-site scripting XSS vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctypeadd&ajax=1&lang=cn...

Path Traversal

oro/platform is vulnerable to Path Traversal. The vulnerability is due to the getTemporaryFileName function in Oro/Bundle/GaufretteBundle/FileManager.php. An attacker can exploit this method to pass the path to a non-existent file, which will allow writing the content to a new file that will be...

Apache NiFi 跨站脚本漏洞

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...