PT-2023-25687 · 3S Smart Software Solutions · Codesys Development System +1

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.9.0 through 3.5.17.0 CODESYS Scripting versions 4.0.0.0 through 4.1.0.0 Description: The issue is related to unsafe directory permissions in the affected software. This could allow an attacker with loca...

CVE-2023-38491

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content...

CVE-2023-38491 Kirby vulnerable to Cross-site scripting (XSS) from MIME type auto-detection of uploaded files

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content...

PT-2023-26472

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 3.5.8.3 Kirby versions prior to 3.6.6.3 Kirby versions prior to 3.7.5.2 Kirby versions prior to 3.8.4.1 Kirby versions prior to 3.9.6 Description The issue affects Kirby sites that allow file uploads from untrusted user...

CVE-2022-31456

A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter...

PT-2023-13038 · Trudesk · Trudesk

Name of the Vulnerable Software and Affected Versions: Truedesk version 1.2.2 Description: A cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box. Recommendations: For Truedesk version 1.2.2, consider disabling th...

Cross site scripting

A cross-site scripting XSS vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

CVE-2023-37613

A cross-site scripting XSS vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...

Assembly Software Trialworks 跨站脚本漏洞

Assembly Software Trialworks is a feature-rich legal case management platform built by experienced trial attorneys from Assembly Software USA. A security vulnerability exists in Assembly Software Trialworks version v11.4, which stems from the presence of a cross-site scripting XSS vulnerability...

CVE-2023-37613

CVE-2023-37613 describes an XSS vulnerability in Assembly Software Trialworks v11.4, where an attacker can inject a crafted payload into the asset src parameter to execute arbitrary web scripts/HTML in the victim’s browser. The connected sources consistently identify the affected product/version ...

Esri ArcGIS Enterprise 跨站脚本漏洞

Esri ArcGIS Enterprise is esri's set of GIS geographic information system of the basic software system. A cross-site scripting vulnerability exists in Esri ArcGIS Enterprise that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by...

SUSE CVE-2023-29457

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...

CVE-2023-37785

A cross-site scripting XSS vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...

Cross site scripting

A cross-site scripting XSS vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...

Cross site scripting

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...

UBUNTU-CVE-2023-29457

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...

CVE-2023-37746

A cross-site scripting XSS vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component...

Discourse 跨站脚本漏洞

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which ca...

CVE-2023-32200 Apache Jena: Exposure of execution in script engine expressions.

There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...