
6714 matches found

OSV
added 2023/04/21 4:15 p.m. · 4 views

CVE-2023-2139

A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code...

CVSS 6.1 · AI score 6.6 · EPSS 0.00353
Exploits: 0 · References: 1
Vulnrichment
added 2023/04/21 3:44 p.m. · 6 views

CVE-2023-2139 Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022

A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code...

CVSS 5.4 · AI score 6.2 · EPSS 0.00353
Exploits: 0 · References: 1
Positive Technologies
added 2023/04/21 12:00 a.m. · 4 views

PT-2023-3048 · Dassault Systèmes · Delmia Apriso

Name of the Vulnerable Software and Affected Versions: DELMIA Apriso versions Release 2017 through Release 2022. Description: The issue is related to a reflected Cross-site Scripting (XSS) vulnerability. This vulnerability can be exploited by a remote attacker to execute arbitrary script code,...

CVSS 6.4 · AI score 6.3 · EPSS 0.00353
Exploits: 0 · References: 6
CNNVD
added 2023/04/20 12:00 a.m. · 5 views

Checkmk cross-site scripting vulnerability

Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk Appliance versions prior to 1.6.4, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML by injecti...

CVSS 6.1 · AI score 5.9 · EPSS 0.00402
Exploits: 0 · References: 2
Prion
added 2023/04/19 1:15 p.m. · 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL...

CVSS 4.9 · AI score 5.5 · EPSS 0.00365
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2023/04/19 12:15 a.m. · 17 views

CVE-2023-29523

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write acces...

CVSS 9.9 · AI score 9.8 · EPSS 0.01999
Exploits: 1 · References: 4
WPVulnDB
added 2023/04/19 12:00 a.m. · 21 views

WCP Contact Form <= 3.1.0 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 · AI score 6 · EPSS 0.00382
Exploits: 0 · Affected Software: 1
Vulnrichment
added 2023/04/19 12:00 a.m. · 6 views

CVE-2023-27777

Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL...

AI score 5.5 · EPSS 0.00365
Exploits: 0 · References: 1
CVE
added 2023/04/18 11:38 p.m. · 52 views

CVE-2023-29522

CVE-2023-29522 affects XWiki Platform. Any user with view rights can execute arbitrary script macros (Groovy/Python) that enable remote code execution and unrestricted read/write access to wiki contents. The attack is triggered by opening a non-existing page whose name contains a dangerous payloa...

CVSS 9.9 · AI score 9.6 · EPSS 0.01864
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2023/04/18 10:53 p.m. · 157 views

CVE-2023-29527 Code injection from account through AWM view sheet in xwiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile or any other document with the wiki editor and add groovy script content. Viewing the document after...

CVSS 9.9 · AI score 9.8 · EPSS 0.0109
Exploits: 1 · References: 2
CNNVD
added 2023/04/18 12:00 a.m. · 2 views

DirCMS cross-site scripting vulnerability

DirCMS is a website builder from the Latvian company DirCMS. A cross-site scripting vulnerability exists in DirCMS version 6.0.0, which stems from the lack of effective filtering and escaping of user-supplied data in the front-end, and can be exploited by an attacker to execute arbitrary Web scri...

CVSS 6.1 · AI score 6.1 · EPSS 0.0044
Exploits: 1 · References: 2
Japan Vulnerability Notes
added 2023/04/17 5:19 a.m. · 2 views

Joruri Gw vulnerable to cross-site scripting

Overview: Joruri Gw provided by SiteBridge Inc. is groupware. Message Memo function of Joruri Gw contains a cross-site scripting vulnerability (CWE-79). Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

CVSS 5.4 · AI score 6 · EPSS 0.0045
Exploits: 0 · References: 5
CNNVD
added 2023/04/17 12:00 a.m. · 3 views

Joruri Gw cross-site scripting vulnerability

Joruri Gw is a web portal of Joruri Inc. A security vulnerability exists in Joruri Gw. An attacker can exploit the vulnerability to execute arbitrary scripts...

CVSS 5.4 · AI score 6.1 · EPSS 0.0045
Exploits: 0 · References: 4
Prion
added 2023/04/16 7:15 a.m. · 20 views

Design/Logic Flaw

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...

CVSS 5.8 · AI score 6.8 · EPSS 0.00899
Exploits: 0 · References: 3 · Affected Software: 1
CVE
added 2023/04/16 6:52 a.m. · 247 views

CVE-2023-29507

XWiki Commons vulnerability: the Document script API returns directly a DocumentAuthors object, letting an attacker set any document author and potentially affect rights checks. This is fixed by patching the API to a safe script API in XWiki 14.10 and 14.4.7. Affected context includes XWiki Commo...

CVSS 9.1 · AI score 8.1 · EPSS 0.00899
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2023/04/14 12:00 a.m. · 13 views

CVE-2023-29847

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the commentauthor and commentcontent parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.6 · EPSS 0.00384
Exploits: 1 · References: 1
OSV
added 2023/04/11 3:15 a.m. · 2 views

CVE-2023-27267

Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely...

CVSS 8.1 · AI score 6.7 · EPSS 0.14201
Exploits: 0 · References: 2
Vulnrichment
added 2023/04/11 2:48 a.m. · 11 views

CVE-2023-27499 Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure...

CVSS 6.1 · AI score 5.8 · EPSS 0.00445
Exploits: 0 · References: 2
Vulnrichment
added 2023/04/11 2:36 a.m. · 7 views

CVE-2023-27267 Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge)

Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely...

CVSS 9 · AI score 7.6 · EPSS 0.14201
Exploits: 0 · References: 2
Vulnrichment
added 2023/04/11 12:00 a.m. · 6 views

CVE-2023-26846

A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...

AI score 5.2 · EPSS 0.00412
Exploits: 0 · References: 2