CVE-2023-5598
Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code...
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2023-101446)
PortlandLabs Concrete CMS is a team-oriented open source content management system from the US company PortlandLabs. PortlandLabs Concrete CMS versions before 8.5.13 and before 9.2.2 contain a cross-site scripting vulnerability that stems from the administration page of the...
Cisco IP Phone Security Vulnerability
Cisco IP Phone is a hardware device from the American company Cisco that provides calling capabilities. Cisco IP Phones suffer from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the web-based management...
Cisco Identity Services Engine Security Vulnerability
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. The Cisco Identity Services Engine suffers from...
CVE-2023-47175
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M MySQL version and LuxCal Web Calendar prior to 5.2.4L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product...
GaatiTrack Courier Management System Cross-Site Scripting Vulnerability
GaatiTrack Courier Management System is a courier management system by individual developer Mayuri K. A cross-site scripting vulnerability exists in GaatiTrack Courier Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML...
LuxSoft LuxCal Web Calendar Security Vulnerability
LuxSoft LuxCal Web Calendar is a free, user-friendly, lightweight web-based event calendar from LuxSoft Switzerland. A security vulnerability exists in LuxSoft LuxCal Web Calendar versions prior to 5.2.4M and prior to 5.2.4L, which stems from the presence of a cross-site scripting (XSS) vulnerability...
PT-2023-32476 · H2O · H2O
Name of the Vulnerable Software and Affected Versions: H2O affected versions not specified Description: The issue is related to a stored XSS vulnerability that can lead to a Local File Include attack. This allows an attacker to potentially execute malicious scripts or access sensitive files on th...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
PT-2023-30407 · Unknown · Nukium Nkmgls
Name of the Vulnerable Software and Affected Versions: Nukium nkmgls versions prior to 3.0.2 Description: The issue is related to Cross Site Scripting XSS and can be exploited via the displayAjaxSavePhoneMobile function in the NkmGlsCheckoutModuleFrontController. This allows for potential malicio...
VulnCheck KEV: CVE-2018-17246
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with...
CVE-2023-47164
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...
PT-2023-32168 · Moodle +8 · Moodle +3
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue concerns a stored XSS risk in the quiz grading report, where ID numbers were not properly sanitized. This could potentially allow for malicious script execution. Recommendations:...
CVE-2023-46244
CVE-2023-46244 relates to a privilege-escalation in XWiki Platform where a user with only script permissions could cause velocity content to execute with the right of another document author, potentially returning the title as the unmodified document but instead exposing the attacker to the prote...
Rocky Linux 8 : firefox (RLSA-2022:1705)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1705 advisory. - Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prom...
CVE-2022-48192
Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application...
Cross site scripting
Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application...
Online Examination System feed.php Page SQL Injection Vulnerability
Online Examination System is an online examination system. Online Examination System v1.0 suffers from a SQL injection vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the email parameter of the feed.php page, which can be exploited by an...