Hostel Management System 跨站脚本漏洞

PHPGurukul Hostel Management System is a hostel management system. A security vulnerability exists in Hostel Management System version v2.1, which can be exploited to execute arbitrary web script or HTML via the add course drop-down menu...

Nextcloud: Self XSS when sending HTML as a comment in the Deck app

A vulnerability was found in the Deck app comments that allowed HTML injection. This could lead to malicious script execution when a user clicked a specially crafted link. The issue was reported to the Nextcloud security team...

Cross site scripting

A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events class...

CVE-2023-37136

A stored cross-site scripting XSS vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-37122

A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...

CVE-2023-37134

A stored cross-site scripting XSS vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-37135

A stored cross-site scripting XSS vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-37134

A stored cross-site scripting XSS vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross site scripting

A cross-site scripting XSS vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field...

Bagecms 跨站脚本漏洞

BageCMS is a cross-platform content management system CMS based on PHP and MySQL by the BageCMS team in China. A cross-site scripting vulnerability exists in BageCMS v3.1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the custom settings module, and can ...

EyouCms 跨站脚本漏洞

EyouCms is an open source content management system CMS based on ThinkPHP. EyouCms has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the Column management module, which can be exploited by an attacker to execute arbitrar...

CVE-2023-33335

Cross Site Scripting XSS in Sophos Sophos iView The EOL was December 31st 2020 in grpname parameter that allows arbitrary script to be executed...

Cross site scripting

Cross Site Scripting XSS in Sophos Sophos iView The EOL was December 31st 2020 in grpname parameter that allows arbitrary script to be executed...

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is...

Aruba Networks ArubaOS 跨站脚本漏洞

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from a stored cross-site scripting XSS attack that allo...

Sophos iView 跨站脚本漏洞

Sophos iView is a solution from Sophos UK. A security vulnerability exists in Sophos iView that stems from the presence of cross-site scripting XSS, which allows the execution of arbitrary scripts...

Selenium Grid 跨站脚本漏洞

Selenium Grid is a smart proxy server for the Selenium community. It is easy to run tests in parallel on multiple machines. A security vulnerability exists in Selenium Grid version v3.141.59, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to...