PT-2023-12121 · Hcl · Hcl Verse
Name of the Vulnerable Software and Affected Versions: HCL Verse (affected versions not specified). Description: The issue allows a remote unauthenticated attacker to execute script in a victim's web browser by tricking a user into clicking a crafted URL. This could lead to performing operations as...
CVE-2023-27211
A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter...
Online Pizza Ordering System Cross-Site Scripting Vulnerability
Online Pizza Ordering System is an online pizza ordering system by Carlo Montero, an individual developer. A security vulnerability exists in Online Pizza Ordering System version 1.0, which originates from a cross-site scripting (XSS) vulnerability in /php-opos/login.php, which can be exploited by an...
PT-2023-21009 · Unknown · Online Pizza Ordering System
Name of the Vulnerable Software and Affected Versions: Online Pizza Ordering System version 1.0. Description: A cross-site scripting (XSS) issue in the /admin/navbar.php endpoint of the Online Pizza Ordering System allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
XWiki contains Incorrect Authorization
Impact: It's possible to execute a script with the right of another user provided the target user does not have programming right. For example, the following: {{context document="xwiki:XWiki.userwithscriptright" transformationContext="document"}}{{velocity}}Hello from Velocity!{{/velocity}}{{/context}} written by...
Design/Logic Flaw
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known...
CVE-2023-26056
CVE-2023-26056 affects XWiki Platform. Starting with 3.0-milestone-1, a script can be executed with the privileges of another user if the target user lacks programming rights. The issue is mitigated by patches in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. Connected advisories (GHSA-859X-P6JP-RC2W, os...
CVE-2023-26056 XWiki Platform allows macro execution as any user without programming rights through the context macro
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known...
PT-2023-20456 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.0-milestone-1 through 14.7; XWiki Platform versions 14.4 through 14.4.4; XWiki Platform versions 13.10 through 13.10.9. Description: The issue allows executing a script with the rights of another user, provided the targ...
FlatPress Cross-Site Scripting Vulnerability
FlatPress is a PHP-based blog builder without database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress versions prior to 1.3. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
XWiki Platform Security Vulnerability
XWiki Platform is a suite of wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that stems from the possibility of executing scripts with the privileges of another user as long as the target user does not hav...
CVE-2023-22778
A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the...
Cisco Nexus Dashboard Cross-Site Scripting Vulnerability
Cisco Nexus Dashboard is a single console from the US company Cisco. It simplifies the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard, which stems from a security issue in the web-based management interface that does not adequately...
EC-CUBE Cross-Site Scripting Vulnerability
EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE, which stems from a cross-site scripting vulnerability that could be exploited by an attacker to execute arbitrary script on a user's web browser...
JVN#04785663: Multiple cross-site scripting vulnerabilities in EC-CUBE
EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Contents Management (CWE-79) - CVE-2023-22438

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4
CVS...
Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...
SHIRASAGI Cross-Site Scripting Vulnerability
SHIRASAGI is a content management system (CMS) from the Japanese Shirasagi project. A security vulnerability exists in versions prior to SHIRASAGI v1.17.0, which stems from a stored cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary script...
K17563: Apache Struts vulnerability CVE-2015-2992
Security Advisory Description: Arbitrary script can be executed when JSP files are exposed to be accessed directly. Affected versions are Struts 2.0.0 - 2.3.16.3. CVE-2015-2992. Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status: F5 Product...
K8602: XSS vulnerability viewing logs from the web management interface
Security Advisory Description: Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
CVE-2023-24081
Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page...