Lucene search

6714 matches found

Malwarebytes
added 2023/03/16 4:30 p.m. · 21 views

Emotet adopts Microsoft OneNote attachments

Last week, Emotet returned after a three-month absence when the botnet Epoch 4 started sending out malicious emails with malicious Office macros. While the extracted attachments were inflated to several hundred megabytes, it was surprising to see that Emotet persisted in using the same attack...

6.7 AI score
Exploits 0
CNNVD
added 2023/03/15 12:0 a.m. · 4 views

Adobe Commerce Cross-Site Scripting Vulnerability

Adobe Commerce is a leading digital commerce solution for merchants and brands from Adobe, a United States company. A cross-site scripting vulnerability exists in Adobe Commerce. The vulnerability stems from the application's lack of effective filtering and...

4.8 CVSS · 5.8 AI score · 0.57424 EPSS
Exploits 0 · References 3
OSV
added 2023/03/14 4:15 p.m. · 3 views

CVE-2023-27069

A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...

5.4 CVSS · 6.2 AI score · 0.00521 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/03/14 12:0 a.m. · 5 views

PT-2023-2115 · Aruba · Clearpass Policy Manager

Name of the Vulnerable Software and Affected Versions: ClearPass Policy Manager (affected versions not specified). Description: The issue concerns a reflected cross-site scripting (XSS) attack within the web-based management interface of ClearPass Policy Manager. This could allow a remote attacker to...

7.5 CVSS · 6.4 AI score · 0.00473 EPSS
Exploits 0 · References 4
Vulnrichment
added 2023/03/14 12:0 a.m. · 6 views

CVE-2023-27070

A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...

5.3 AI score · 0.00521 EPSS
Exploits 1 · References 3
Hacker One
added 2023/03/12 12:36 a.m. · 4 views

Drugs.com: Stored Xss On "https://www.question.com/"

The vulnerability was a stored cross-site scripting (XSS) issue on the "https://www.question.com/" website. The vulnerability was discovered in the "ask" page, where a malicious script was injected directly into the web application. The impact of the vulnerability was that the malicious script coul...

5.7 AI score
Exploits 0
Vulnrichment
added 2023/03/10 12:0 a.m. · 5 views

CVE-2022-48111

A cross-site scripting (XSS) vulnerability in the checklogin function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter...

5.9 AI score · 0.00653 EPSS
Exploits 1 · References 5
Positive Technologies
added 2023/03/10 12:0 a.m. · 4 views

PT-2023-12121 · Hcl · Hcl Verse

Name of the Vulnerable Software and Affected Versions: HCL Verse (affected versions not specified). Description: The issue allows a remote unauthenticated attacker to execute script in a victim's web browser by tricking a user into clicking a crafted URL. This could lead to performing operations as...

8.3 CVSS · 7.2 AI score · 0.00568 EPSS
Exploits 0 · References 4
Vulnrichment
added 2023/03/09 12:0 a.m. · 5 views

CVE-2023-27211

A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter...

5.9 AI score · 0.00434 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/03/09 12:0 a.m. · 2 views

PT-2023-21009 · Unknown · Online Pizza Ordering System

Name of the Vulnerable Software and Affected Versions: Online Pizza Ordering System version 1.0. Description: A cross-site scripting (XSS) issue in the /admin/navbar.php endpoint of the Online Pizza Ordering System allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1 CVSS · 6 AI score · 0.00434 EPSS
Exploits 1 · References 6
CNNVD
added 2023/03/09 12:0 a.m. · 2 views

Online Pizza Ordering System Cross-Site Scripting Vulnerability

Online Pizza Ordering System is an online pizza ordering system by Carlo Montero, an individual developer. A security vulnerability exists in Online Pizza Ordering System version 1.0, which originates from a cross-site scripting (XSS) vulnerability in /php-opos/login.php, which can be exploited by an...

6.1 CVSS · 6.3 AI score · 0.00476 EPSS
Exploits 1 · References 3
Github Security Blog
added 2023/03/03 10:54 p.m. · 29 views

xwiki contains Incorrect Authorization

Impact: It's possible to execute a script with the right of another user provided the target user does not have programming right. For example, the following: {{context document="xwiki:XWiki.userwithscriptright" transformationContext="document"}}{{velocity}}Hello from Velocity!{{/velocity}}{{/context}} written by...

5.4 CVSS · 5.9 AI score · 0.00555 EPSS
Exploits 1 · References 7 · Affected Software 1
Prion
added 2023/03/02 7:15 p.m. · 10 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known...

5.5 CVSS · 5.6 AI score · 0.00555 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2023/03/02 6:44 p.m. · 26 views

CVE-2023-26056 XWiki Platform allows macro execution as any user without programming rights through the context macro

XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known...

5.4 CVSS · 5.6 AI score · 0.00555 EPSS
Exploits 1 · References 7
CVE
added 2023/03/02 6:44 p.m. · 69 views

CVE-2023-26056

CVE-2023-26056 affects XWiki Platform. Starting with 3.0-milestone-1, a script can be executed with the privileges of another user if the target user lacks programming rights. The issue is mitigated by patches in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. Connected advisories (GHSA-859X-P6JP-RC2W, os...

5.4 CVSS · 5.5 AI score · 0.00555 EPSS
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2023/03/02 12:0 a.m. · 4 views

PT-2023-20456 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.0-milestone-1 through 14.7; XWiki Platform versions 14.4 through 14.4.4; XWiki Platform versions 13.10 through 13.10.9. Description: The issue allows executing a script with the rights of another user, provided the targ...

5.4 CVSS · 5.3 AI score · 0.00555 EPSS
Exploits 1 · References 11
CNNVD
added 2023/03/02 12:0 a.m. · 4 views

XWiki Platform Security Vulnerability

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that stems from the possibility of executing scripts with the privileges of another user as long as the target user does not hav...

5.4 CVSS · 5.8 AI score · 0.00555 EPSS
Exploits 1 · References 6
CNNVD
added 2023/03/02 12:0 a.m. · 11 views

FlatPress Cross-Site Scripting Vulnerability

FlatPress is a PHP-based blog builder without database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress versions prior to 1.3. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

6.5 CVSS · 6.4 AI score · 0.00479 EPSS
Exploits 1 · References 3
OSV
added 2023/03/01 8:15 a.m. · 0 views

CVE-2023-22778

A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the...

4.8 CVSS · 6 AI score
Exploits 0 · References 1
CNNVD
added 2023/03/01 12:0 a.m. · 3 views

Cisco Nexus Dashboard Cross-Site Scripting Vulnerability

Cisco Nexus Dashboard is a single console from Cisco, a United States company. It simplifies the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard, which stems from a security issue in the web-based management interface that does not adequately...

6.1 CVSS · 6.7 AI score · 0.00519 EPSS
Exploits 0 · References 2