102 matches found
CVE-2024-4822 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session...
PT-2024-25758 · Sourcecodester · Sourcecodester Computer Laboratory Management System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Laboratory Management System version 1.0 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. This enables...
PT-2024-24176 · Unknown · Cosmetics/Beauty Product Online Store
Name of the Vulnerable Software and Affected Versions: Cosmetics and Beauty Product Online Store version 1.0 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. This enables attackers ...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session...
CVE-2024-2078 Cross-Site Scripting vulnerability in HelpDeskZ
A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session...
Alkacon OpenCMS XSS via Mercury template
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...
CVE-2023-6719
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...
Cross site scripting
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...
PYSEC-2023-294
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...
CVE-2023-6719
Repox has an XSS vulnerability tracked as CVE-2023-6719. Multiple connected sources describe an issue where a malicious actor can craft and deliver JavaScript payloads to a user, enabling an attacker to compromise interactions with the vulnerable application and potentially gain control of the us...
CVE-2023-6719 Cross-site Scripting in Repox
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...
SUSE CVE-2023-46446
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...
GHSA-C35Q-FFPF-5QPM AsyncSSH Rogue Session Attack
Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...
PT-2023-9801 · Asyncssh +3 · Asyncssh +3
Name of the Vulnerable Software and Affected Versions: AsyncSSH versions 2.14.0 and earlier Description: The issue in AsyncSSH allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, also known as a "Rogue Session Attack." This can lea...
PT-2023-30473 · WordPress · Wpsolutions-Hq Wpdbspringclean
Name of the Vulnerable Software and Affected Versions: WPSolutions-HQ WPDBSpringClean plugin versions 1.6 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website,...
PT-2023-29823 · Emmanuel Georjon · Eg-Attachments
Name of the Vulnerable Software and Affected Versions: Emmanuel GEORJON EG-Attachments plugin versions = 2.1.3 Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them ...
PT-2023-28025 · WordPress · Beplus Sermon'E – Sermons Online
Name of the Vulnerable Software and Affected Versions: Beplus Sermon'e – Sermons Online plugin version 1.0.0 Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to...
PT-2023-23616 · Fahad Mahmood · Fahad Mahmood Wp Docs
Name of the Vulnerable Software and Affected Versions: Fahad Mahmood WP Docs plugin versions prior to 1.9.9 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowi...
PT-2023-21142 · WordPress · Maui Marketing Update Image Tag Alt Attribute
Name of the Vulnerable Software and Affected Versions: Maui Marketing Update Image Tag Alt Attribute plugin versions = 2.4.5 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website,...