6239 matches found
CVE-2023-6568
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...
CVE-2023-33002
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2023-33750
A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd...
CVE-2023-24194
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php...
CVE-2023-24409
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions...
CVE-2023-24957
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
CVE-2023-46076
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions...
CVE-2023-2393
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmzsetup.htm of the component Web Management Interface. The manipulation of the argument...
CVE-2023-2384
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmzsetup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cros...
CVE-2023-29188
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)...
CVE-2022-25781
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session...
CVE-2022-34550
Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter...
CVE-2022-43046
Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php...
CVE-2022-3832
The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-29727
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter...
CVE-2022-42111
A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload...
CVE-2022-24238
ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp...
CVE-2022-46058
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
CVE-2022-28448
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info...
CVE-2022-43578
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...