6727 matches found
CVE-2023-31664
A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...
PT-2023-23996 · Mitel · Mitel Mivoice Connect
Name of the Vulnerable Software and Affected Versions: Mitel MiVoice Connect versions through 19.3 SP2 22.24.1500.0 Description: The Linux DVS server component could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...
PT-2023-23339 · Mitel · Mitel Mivoice Connect
Name of the Vulnerable Software and Affected Versions: Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier Description: A vulnerability in the Headquarters server component could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improp...
phpMyFAQ cross-site scripting vulnerability (CNVD-2023-39428)
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.0-beta. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacke...
Dassault Systèmes 3DEXPERIENCE 跨站脚本漏洞
Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes 3DEXPERIENCE versions R2018x through R2023x, which originates from a vulnerability that allows an attacker to execute arbitrary scri...
PT-2023-23451 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to 5.7.108 Description: The issue concerns a problem where an attacker can execute malicious scripts. This is possible due to a flaw in the sys info.php file, specifically through the parameters edit cfg powerby and edit c...
Pimcore Cross-Site Scripting Vulnerability (CNVD-2023-41505)
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A cross-site scripting vulnerability exists in...
Personnel Property Equipment System Cross-Site Scripting Vulnerability
Personnel Property Equipment System is a personnel property equipment management system by Jon Remus Sevellejo personal developer. A cross-site scripting vulnerability exists in Personnel Property Equipment System v1.0, which stems from the lack of effective filtering and escaping of user-supplie...
ChurchCRM 跨站脚本漏洞
ChurchCRM is an open source CRM system for churches. A cross-site scripting vulnerability exists in ChurchCRM v4.5.4. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web scrip...
Guest Management System 跨站脚本漏洞
The Guest Management System is a web-based system designed to monitor the records of everyone who enters a school or college. A cross-site scripting vulnerability exists in Guest Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the...
CVE-2023-31544
A stored cross-site scripting XSS vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...
Cross-site Scripting (XSS)
Overview rollout-ui is a minimalist UI for the rollout gem Affected versions of this package are vulnerable to Cross-site Scripting XSS that allows authenticated users to execute scripts via the "Do you really want to delete" confirmation dialog. PoC http:///features/'+alertdocument.cookie+'...
CraftCMS 代码注入漏洞
CraftCMS is a CMS program. CraftCMS version v3.8.1 suffers from a code injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by Section parameters, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a...
Teltonika Remote Management System 跨站脚本漏洞
Teltonika Remote Management System is a Teltonika Remote Management System used to manage Teltonika products. A cross-site scripting vulnerability exists in Teltonika Remote Management System versions prior to 4.10.0, which stems from the inclusion of a cross-site scripting XSS vulnerability in t...
PT-2023-22669 · Unknown · Moveit Framework
Name of the Vulnerable Software and Affected Versions: MoveIt framework version 1.1.11 Description: The issue concerns a cross-site scripting XSS flaw via the API authentication function. This allows for potential malicious script execution. No information is provided about the estimated number o...
CVE-2023-31165
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...
CVE-2023-31160
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...
CVE-2023-31163
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...
CVE-2023-31154
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...
CVE-2023-31153
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL...