CVE-2023-27777

Cross-site scripting XSS vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL...

CVE-2023-29522

CVE-2023-29522 affects XWiki Platform. Any user with view rights can execute arbitrary script macros (Groovy/Python) that enable remote code execution and unrestricted read/write access to wiki contents. The attack is triggered by opening a non-existing page whose name contains a dangerous payloa...

CVE-2023-29527 Code injection from account through AWM view sheet in xwiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile or any other document with the wiki editor and add groovy script content. Viewing the document after...

DirCMS 跨站脚本漏洞

DirCMS is a website builder from the Latvian company DirCMS. A cross-site scripting vulnerability exists in DirCMS version 6.0.0, which stems from the lack of effective filtering and escaping of user-supplied data in the front-end, and can be exploited by an attacker to execute arbitrary Web scri...

Joruri Gw vulnerable to cross-site scripting

Overview Joruri Gw provided by SiteBridge Inc. is groupware. Message Memo function of Joruri Gw contains a cross-site scripting vulnerability CWE-79. Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

Joruri Gw 跨站脚本漏洞

Joruri Gw is a web portal of Joruri Inc. A security vulnerability exists in Joruri Gw. An attacker can exploit the vulnerability to execute arbitrary scripts...

Design/Logic Flaw

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...

CVE-2023-29507

XWiki Commons vulnerability: the Document script API returns directly a DocumentAuthors object, letting an attacker set any document author and potentially affect rights checks. This is fixed by patching the API to a safe script API in XWiki 14.10 and 14.4.7. Affected context includes XWiki Commo...

CVE-2023-29847

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting XSS vulnerabilities via the commentauthor and commentcontent parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-27267

Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely...

CVE-2023-27499 Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting XSS vulnerability. An attacker could craft a malicious URL and lure...

CVE-2023-27267 Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge)

Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely...

PT-2023-21172 · Sap · Sap Diagnostic Agent

Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720 Description: The EventLogServiceCollector of SAP Diagnostics Agent is affected by missing authentication and input sanitization of code, allowing an attacker to execute malicious scripts on all connected...

CVE-2023-26846

A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...

PT-2023-2328 · Sap · Sap Diagnostic Agent

Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720 Description: The issue is related to missing authentication and insufficient input validation in the OSCommand Bridge of the SAP Diagnostics Agent. This allows an attacker with deep knowledge of the system to...

LiveAction LiveSP 跨站脚本漏洞

LiveAction LiveSP is a network monitoring software for service providers from LiveAction. A security vulnerability exists in LiveAction LiveSP version v21.1.2. An attacker can exploit the vulnerability to execute arbitrary web script or HTML...

WordPress plugin PropertyHive 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient...

PT-2023-3267 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.60 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to insufficient cleaning of user data when processing external links, allowing a user to inject and execute arbitrary HTML code and script...

CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)

Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource...