6239 matches found
PT-2024-15042
Name of the Vulnerable Software and Affected Versions CyberMath versions 1.4 through 1.4 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This affects the CyberMath software. Recommendations F...
The vulnerability of the xmlattr template filter in Jinja2, a programming language, allows an attacker to perform XSS attacks.
The vulnerability of the xmlattr filter in the Jinja2 templater relates to the lack of protective measures for website structure. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
constructif.fr Cross Site Scripting vulnerability OBB-3847328
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-7069
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-24062
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/role...
CVE-2024-1103 CodeAstro Real Estate Management System Feedback Form profile.php cross site scripting
A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input leads to cross sit...
CVE-2024-1031 CodeAstro Expense Management System Add Expenses Page 5-Add-Expenses.php cross site scripting
A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The...
CVE-2023-51843
react-dashboard 1.4.0 is vulnerable to Cross Site Scripting XSS as httpOnly is not set...
amc-parts.se Cross Site Scripting vulnerability OBB-3845880
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
netmachinery.net Cross Site Scripting vulnerability OBB-3845850
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cisco Unity Connection Cross-Site Scripting Vulnerability (CNVD-2024-10470)
Cisco Unity Connection UC is a set of voice messaging platforms from the U.S. company Cisco Cisco. The platform can use voice commands to make calls or listen to messages hands-free. Cisco Unity Connection suffers from a cross-site scripting vulnerability that stems from the web-based...
homefacts.com Cross Site Scripting vulnerability OBB-3845036
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-23877 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerabilit...
CVE-2024-23865 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this...
reangel.com Cross Site Scripting vulnerability OBB-3842704
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
www7.nau.edu Cross Site Scripting vulnerability OBB-3842084
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
flightservice-web.easemytrip.com Cross Site Scripting vulnerability OBB-3841208
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-15668 · WordPress · Amp For Wp – Accelerated Mobile Pages
Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to, and including, 1.0.92.1 Description: The issue is related to Reflected Cross-Site Scripting via the disqus name parameter due to insufficient input sanitization and...
chefmorimoto.com Cross Site Scripting vulnerability OBB-3839642
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
bbank.ybonline.co.uk Cross Site Scripting vulnerability OBB-3839585
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...