PT-2023-29021 · Unknown · October Cms

Name of the Vulnerable Software and Affected Versions: October CMS version 3.4.16 Description: A Cross-Site Scripting XSS vulnerability in the installer of October CMS allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. Recommendations: For...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...

CVE-2023-44043

A reflected cross-site scripting XSS vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter...

Cross site scripting

A stored cross-site scripting XSS vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter...

Subrion Cross-Site Scripting Vulnerability

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into websites and supports a variety of extensions plug-ins and more. A cross-site scripting vulnerability exists in Subrion v4.2.1, which originates from a cross-site scripting XSS...

Dreamer CMS 跨站脚本漏洞

Dreamer CMS is a dreamer content management system. Dreamer CMS version v4.1.3 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the component /admin/u/toIndex, which can be exploited by an attacker to execute...

Blackcat Cms Cross-Site Scripting Vulnerability

Blackcat Cms is a Php-based content management system from the Blackcat team. A cross-site scripting vulnerability exists in Blackcat Cms version 1.4.1, which stems from a cross-site scripting XSS vulnerability in /settings/index.php that allows an attacker to inject a crafted payload via the sit...

Unallowed PHP script execution in GLPI

From the GLPI 10.0.10 Changelog: You will find below security issues fixed in this bugfixes version: SECURITY - Critical Unallowed PHP script execution CVE-2023-42802. The mentioned CVE is invalid...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2023:3701-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3701-1 advisory. - The html/template package does not properly handle HTML-like comment tokens, nor hashbang !...

WordPress plugin Leyka 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

ISL ARP Guard Cross-Site Scripting Vulnerability

ISL ARP Guard is a zero-trust web access solution from ISL Germany. A security vulnerability exists in ISL ARP Guard version v4.0.2, which originated from a vulnerability that allows an attacker to execute arbitrary web script or HTML via the urlstr URL parameter with a crafted payload...

CVE-2023-39777

A cross-site scripting XSS vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter...

CVE-2023-3588

A stored Cross-site Scripting XSS vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code...

CVE-2023-3588

A stored Cross-site Scripting XSS vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code...

CVE-2023-39320

A flaw was found in Golang. The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module...

CVE-2023-21523

A Stored Cross-site Scripting XSS vulnerability in the Management Console User Management and Alerts of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account...

CVE-2023-21522

A Reflected Cross-site Scripting XSS vulnerability in the Management Console Reports of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account...

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 Exploit - Bait and Switch Archive Generator...

BlackBerry AtHoc Cross-Site Scripting Vulnerability

BlackBerry AtHoc is a crisis communications solution for federal, state and local governments, public safety and law enforcement agencies, and schools from BlackBerry Canada. A security vulnerability exists in BlackBerry AtHoc version 7.15, which stems from a Reflective Cross-Site Scripting XSS...

SAP NetWeaver AS 跨站脚本漏洞

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS ABAP cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied...