Cross site scripting

A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim...

PT-2022-24552 · Micro Focus · Micro Focus Operations Bridge- Containerized +1

Name of the Vulnerable Software and Affected Versions: Micro Focus Operations Bridge Manager versions prior to 2022.11 Micro Focus Operations Bridge- Containerized versions prior to 2022.11 Description: A potential issue has been identified in Micro Focus Operations Bridge - Containerized and Mic...

CVE-2022-42458

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...

CVE-2022-42458

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...

CVE-2022-42458

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...

CVE-2022-42458

CVE-2022-42458 affects bingo!CMS versions 1.7.4.1 and earlier, where an authentication bypass vulnerability in management functions allows remote, unauthenticated attackers to upload arbitrary files, potentially enabling arbitrary script execution or file modification. The Red Hat and JVN entries...

CVE-2022-43660

Improper neutralization of Server-Side Includes SSW within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable...

CVE-2022-45769

A cross-site scripting XSS vulnerability in ClicShoppingV3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter...

CVE-2022-45990

A cross-site scripting XSS vulnerability in the component /signupscript.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter...

PT-2022-27712 · Unknown · Ecommerce-Website

Name of the Vulnerable Software and Affected Versions: Ecommerce-Website version 1.0 Description: A cross-site scripting XSS issue in the /signup script.php component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter. Recommendations...

Cross site scripting

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field...

Cross site scripting

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVE-2022-44946

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...

CVE-2022-44950

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name...

CVE-2022-44956

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVE-2022-44961

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

webTareas 跨站脚本漏洞

webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas version 2.4p5, which stems from a cross-site scripting XSS vulnerability found i...

CVE-2022-44957

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

PT-2022-27353 · Webtareas · Webtareas

Name of the Vulnerable Software and Affected Versions: webtareas version 2.4p5 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add" in the "/linkedcontent/listfiles.php" component. This enables the...

CVE-2022-44955

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field...