6727 matches found

CNNVD
added 2023/09/27 12:0 a.m. · 3 views

Subrion Cross-Site Scripting Vulnerability

Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into websites and supports a variety of extensions plug-ins and more. A cross-site scripting vulnerability exists in Subrion v4.2.1, which originates from a cross-site scripting (XSS)...

5.4 CVSS · 5.8 AI score · 0.00495 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2023/09/21 12:0 a.m. · 33 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2023:3701-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3701-1 advisory. Update to go1.21.1 bsc1212475. - CVE-2023-39318: Fixed improper handling of HTML-like comments...

9.8 CVSS · 7.1 AI score · 0.01424 EPSS
Exploits 0 · References 17
CNNVD
added 2023/09/19 12:0 a.m. · 3 views

WordPress plugin Leyka Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

4.8 CVSS · 5.9 AI score · 0.00379 EPSS
Exploits 2 · References 2
CNNVD
added 2023/09/19 12:0 a.m. · 2 views

ISL ARP Guard Cross-Site Scripting Vulnerability

ISL ARP Guard is a zero-trust web access solution from ISL Germany. A security vulnerability exists in ISL ARP Guard version v4.0.2, which originated from a vulnerability that allows an attacker to execute arbitrary web script or HTML via the urlstr URL parameter with a crafted payload...

5.4 CVSS · 6.7 AI score · 0.00346 EPSS
Exploits 1 · References 3
NVD
added 2023/09/16 1:15 a.m. · 11 views

CVE-2023-39777

A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter...

5.4 CVSS · 5.4 AI score · 0.00386 EPSS
Exploits 1 · References 1
OSV
added 2023/09/13 7:15 p.m. · 4 views

CVE-2023-3588

A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code...

5.4 CVSS · 6 AI score · 0.00298 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2023/09/13 7:15 p.m. · 3 views

CVE-2023-3588

A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code...

5.4 CVSS · 6 AI score · 0.00298 EPSS
Exploits 0 · References 2
RedhatCVE
added 2023/09/13 6:54 a.m. · 60 views

CVE-2023-39320

A flaw was found in Golang. The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module...

8.8 CVSS · 7.2 AI score · 0.01424 EPSS
Exploits 0 · References 7
Cvelist
added 2023/09/12 7:44 p.m. · 14 views

CVE-2023-21523

A Stored Cross-site Scripting (XSS) vulnerability in the Management Console User Management and Alerts of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account...

5.6 AI score · 0.003 EPSS
Exploits 0 · References 1
NVD
added 2023/09/12 7:15 p.m. · 13 views

CVE-2023-21522

A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console Reports of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account...

6.1 CVSS · 6.1 AI score · 0.00313 EPSS
Exploits 0 · References 1
GithubExploit
added 2023/09/12 2:7 p.m. · 342 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 Exploit - Bait and Switch Archive Generator...

7.8 CVSS · 6.9 AI score · 0.97798 EPSS
Exploits 49
CNNVD
added 2023/09/12 12:0 a.m. · 4 views

SAP NetWeaver AS Cross-Site Scripting Vulnerability

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS ABAP cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied...

5.5 CVSS · 6.4 AI score · 0.00346 EPSS
Exploits 0 · References 4
CNNVD
added 2023/09/12 12:0 a.m. · 4 views

BlackBerry AtHoc Cross-Site Scripting Vulnerability

BlackBerry AtHoc is a crisis communications solution for federal, state and local governments, public safety and law enforcement agencies, and schools from BlackBerry Canada. A security vulnerability exists in BlackBerry AtHoc version 7.15, which stems from a Reflective Cross-Site Scripting (XSS)...

6.1 CVSS · 6.1 AI score · 0.00313 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/09/11 12:0 a.m. · 7 views

PT-2023-27988 · Unknown · Dairy Farm Shop Management System Using Php/Mysql

Name of the Vulnerable Software and Affected Versions: Dairy Farm Shop Management System Using PHP and MySQL version 1.1
Description: The issue allows attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters. This enables t...

5.4 CVSS · 6 AI score · 0.00781 EPSS
Exploits 0 · References 8
NVD
added 2023/09/08 5:15 p.m. · 20 views

CVE-2023-39320

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

9.8 CVSS · 9.6 AI score · 0.01424 EPSS
Exploits 0 · References 6
OSV
added 2023/09/08 5:15 p.m. · 7 views

UBUNTU-CVE-2023-39320

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

9.8 CVSS · 7 AI score · 0.01424 EPSS
Exploits 0 · References 8
CVE
added 2023/09/08 4:13 p.m. · 450 views

CVE-2023-39320

CVE-2023-39320 concerns the go.mod toolchain directive introduced in Go 1.21. The description in the CVE entry states this directive can be leveraged to execute scripts and binaries relative to the module root when the go command is executed within the module, affecting modules downloaded from th...

9.8 CVSS · 9.6 AI score · 0.01424 EPSS
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2023/09/08 12:0 a.m. · 5 views

PT-2023-27903 · Unknown · Matrix Media Repo

Name of the Vulnerable Software and Affected Versions: matrix-media-repo versions prior to 1.3.0
Description: The issue allows an attacker to upload malicious media to the media repository, which is then served with Content-Disposition: inline upon download. This can be leveraged to execute scrip...

5.4 CVSS · 7.4 AI score · 0.00433 EPSS
Exploits 0 · References 13
OSV
added 2023/09/07 3:15 p.m. · 5 views

CVE-2023-39711

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section...

6.1 CVSS · 5.9 AI score · 0.00541 EPSS
Exploits 1 · References 3
Prion
added 2023/09/06 8:15 p.m. · 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...

5.8 CVSS · 6 AI score · 0.00379 EPSS
Exploits 1 · References 2 · Affected Software 1