6714 matches found

Positive Technologies
added 2023/09/11 12:0 a.m. · 4 views

PT-2023-27988 · Unknown · Dairy Farm Shop Management System Using Php/Mysql

Name of the Vulnerable Software and Affected Versions: Dairy Farm Shop Management System Using PHP and MySQL version 1.1 Description: The issue allows attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters. This enables t...

CVSS 5.4 · AI score 6 · EPSS 0.00781
Exploits: 0 · References: 8

NVD
added 2023/09/08 5:15 p.m. · 19 views

CVE-2023-39320

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

CVSS 9.8 · AI score 9.6 · EPSS 0.01413
Exploits: 0 · References: 6

OSV
added 2023/09/08 5:15 p.m. · 6 views

UBUNTU-CVE-2023-39320

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

CVSS 9.8 · AI score 7 · EPSS 0.01413
Exploits: 0 · References: 8

CVE
added 2023/09/08 4:13 p.m. · 449 views

CVE-2023-39320

CVE-2023-39320 concerns the go.mod toolchain directive introduced in Go 1.21. The description in the CVE entry states this directive can be leveraged to execute scripts and binaries relative to the module root when the go command is executed within the module, affecting modules downloaded from th...

CVSS 9.8 · AI score 9.6 · EPSS 0.01413
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2023/09/08 12:0 a.m. · 4 views

PT-2023-27903 · Unknown · Matrix Media Repo

Name of the Vulnerable Software and Affected Versions: matrix-media-repo versions prior to 1.3.0 Description: The issue allows an attacker to upload malicious media to the media repository, which is then served with Content-Disposition: inline upon download. This can be leveraged to execute scrip...

CVSS 5.4 · AI score 7.4 · EPSS 0.00433
Exploits: 0 · References: 13

OSV
added 2023/09/07 3:15 p.m. · 4 views

CVE-2023-39711

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section...

CVSS 6.1 · AI score 5.9 · EPSS 0.00541
Exploits: 1 · References: 3

Prion
added 2023/09/06 8:15 p.m. · 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...

CVSS 5.8 · AI score 6 · EPSS 0.00379
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/09/06 12:0 a.m. · 3 views

PT-2023-27994 · Csz Cms · Csz Cms

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters in the install/index.php file. This enables the...

CVSS 6.1 · AI score 6.8 · EPSS 0.00379
Exploits: 1 · References: 5

Positive Technologies
added 2023/09/05 12:0 a.m. · 5 views

PT-2023-25592 · Shirasagi · Shirasagi

Name of the Vulnerable Software and Affected Versions: SHIRASAGI versions prior to 1.18.0 Description: A reflected cross-site scripting issue allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. This enables the...

CVSS 6.1 · AI score 6.3 · EPSS 0.00412
Exploits: 0 · References: 7

Japan Vulnerability Notes
added 2023/09/05 12:0 a.m. · 41 views

JVN#92720882: Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...

CVSS 7.5 · AI score 8.2 · EPSS 0.00975
Exploits: 0

CNNVD
added 2023/09/04 12:0 a.m. · 4 views

SHIRASAGI Cross-Site Scripting Vulnerability

SHIRASAGI is a content management system (CMS) for the Japanese Shirasagi project. A security vulnerability exists in SHIRASAGI versions prior to v1.18.0. An attacker can exploit the vulnerability to execute arbitrary script on a web browser...

CVSS 6.1 · AI score 7.2 · EPSS 0.00412
Exploits: 0 · References: 4

CNNVD
added 2023/09/04 12:0 a.m. · 4 views

SHIRASAGI Cross-Site Scripting Vulnerability

SHIRASAGI is a content management system (CMS) for the Japanese Shirasagi project. A security vulnerability exists in SHIRASAGI versions prior to v1.18.0. An attacker can exploit the vulnerability to execute arbitrary script on a web browser...

CVSS 5.4 · AI score 7.2 · EPSS 0.00362
Exploits: 0 · References: 4

CNNVD
added 2023/09/01 12:0 a.m. · 4 views

General Solutions Steiner GmbH CASE 3 Taskmanagement Cross-Site Scripting Vulnerability

General Solutions Steiner CASE 3 Taskmanagement is an application from General Solutions Steiner Austria. A security vulnerability exists in General Solutions Steiner GmbH CASE 3 Taskmanagement version V3.3. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a...

CVSS 6.1 · AI score 6.7 · EPSS 0.00314
Exploits: 0 · References: 3

CNNVD
added 2023/09/01 12:0 a.m. · 3 views

General Solutions Steiner GmbH CASE 3 Taskmanagement Cross-Site Scripting Vulnerability

General Solutions Steiner CASE 3 Taskmanagement is an application from General Solutions Steiner Austria. A security vulnerability exists in General Solutions Steiner GmbH CASE 3 Taskmanagement version V3.3. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a...

CVSS 6.1 · AI score 6.7 · EPSS 0.00355
Exploits: 0 · References: 3

Positive Technologies
added 2023/09/01 12:0 a.m. · 5 views

PT-2023-27085 · Unknown · Free/Open Source Inventory Management System

Name of the Vulnerable Software and Affected Versions: Free and Open Source Inventory Management System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the "Add New...

CVSS 6.1 · AI score 6.7 · EPSS 0.00537
Exploits: 1 · References: 5

Japan Vulnerability Notes
added 2023/08/31 12:0 a.m. · 51 views

JVN#60140221: Multiple vulnerabilities in i-PRO VI Web Client

VI Web Client provided by i-PRO Co., Ltd. is Video Insight’s video management software. VI Web Client contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2023-38574 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7...

CVSS 6.1 · AI score 6.1 · EPSS 0.00412
Exploits: 0

Vulnrichment
added 2023/08/28 12:0 a.m. · 7 views

CVE-2023-39578

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field...

AI score 5.6 · EPSS 0.00379
Exploits: 1 · References: 2

CNNVD
added 2023/08/25 12:0 a.m. · 3 views

Tenda AC23 Input Validation Error Vulnerability

Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11ac Wave2 technology, dual-band concurrent rate up to 2033 Mbps. The Tenda AC23 suffers from a stack buffer overflow vulnerability that stems from the...

CVSS 8.8 · AI score 7.6 · EPSS 0.00787
Exploits: 1 · References: 2

OSV
added 2023/08/21 9:15 a.m. · 3 views

CVE-2023-39543

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product...

CVSS 6.1 · AI score 6
Exploits: 0 · References: 3

CNNVD
added 2023/08/21 12:0 a.m. · 3 views

LuxSoft LuxCal Web Calendar Cross-Site Scripting Vulnerability

LuxSoft LuxCal Web Calendar is a free, user-friendly, lightweight web-based event calendar from LuxSoft Switzerland. A security vulnerability exists in LuxSoft LuxCal Web Calendar that stems from the presence of a cross-site scripting (XSS) vulnerability. An attacker can exploit the vulnerability to...

CVSS 6.1 · AI score 6.8 · EPSS 0.00528
Exploits: 0 · References: 5