6727 matches found
CVE-2023-31159
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...
WordPress Plugin "Newsletter" vulnerable to cross-site scripting
Overview: WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability (CWE-79). Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated. JPCERT/CC published respective advisories in...
Anuko Time Tracker Cross-Site Scripting Vulnerability
Anuko Time Tracker is an open source time counting system for individual developers and a platform for counting the time spent by employees on various tasks. A cross-site scripting vulnerability exists in versions prior to Anuko Time Tracker 1.22.11.5782. An attacker can exploit this vulnerability t...
CVE-2023-30057
Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload...
Service Provider Management System Cross-Site Scripting Vulnerability
Service Provider Management System is a web-based application by Carlo Montero, an individual developer. It is designed to provide dynamic websites for service provider companies. A cross-site scripting vulnerability exists in Service Provider Management System version 1.0, which originates from...
CLTPHP Cross-Site Scripting Vulnerability
CLTPHP is an open source and efficient site-building PHP content management system. A cross-site scripting vulnerability exists in CLTPHP version 6.0 and previous versions. The vulnerability stems from the file Changyan.php lacking effective filtering and escaping of user-supplied data, an attacker ca...
CVE-2023-30093
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...
CVE-2023-27075
A cross-site scripting (XSS) vulnerability in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-30094
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module...
MicroBin Cross-Site Scripting Vulnerability
MicroBin is an ultra-compact, feature-rich, configurable, self-contained and self-hosted pastebin web application from the individual developer Dániel Szabó. A security vulnerability exists in MicroBin version v1.2.0, which stems from a security issue in the component microbin/src/pasta.rs, and c...
CVE-2023-30096
CVE-2023-30096 concerns a stored XSS in TotalJS Messenger (commit b6cf1c9). The vulnerability arises in the user information field, allowing an attacker to inject crafted payloads that execute arbitrary web scripts/HTML when processed by the vulnerable component. Reported impact is limited to cli...
CVE-2023-30097
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field...
CVE-2023-30095
CVE-2023-30095 affects TotalJS Messenger (commit b6cf1c9). It describes a stored XSS vulnerability in the channel description field, allowing an attacker to execute arbitrary web scripts or HTML in the context of the affected app. The vulnerability is evidenced across multiple sources, including ...
CVE-2023-30097
CVE-2023-30097 concerns TotalJS messenger. The vulnerability is a stored cross-site scripting (XSS) issue in the messenger, exploitable via a crafted payload injected into the private task field (commit b6cf1c9). Affected software is TotalJS messenger; underlying cause is stored XSS; impact is ex...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...
CVE-2023-1384
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter, allowing arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...
CVE-2023-30205
A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...
ASUS RT-AC51U Cross-Site Scripting Vulnerability
The ASUS RT-AC51U is a wireless router from the Chinese company ASUS. A cross-site scripting vulnerability exists in ASUS RT-AC51U 3.0.0.4.380.8591 and earlier versions, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an...
Aigital Wireless-N Repeater Mini_Router Cross-Site Scripting Vulnerability
Aigital Wireless-N Repeater Mini-Router is a wireless router repeater from Aigital. A security vulnerability exists in Aigital Wireless-N Repeater MiniRouter version v0.131229, which stems from the presence of a cross-site scripting (XSS) vulnerability. An attacker could exploit this vulnerability ...
CVE-2023-30405
A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater MiniRouter v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wlssid parameter at /boafrm/formHomeWlanSetup...