80 matches found
CVE-2023-27990
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through...
CVE-2022-45441
A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00AARP.13C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored...
PT-2023-1577 · Zyxel · Zyxel Nbg-418N
Name of the Vulnerable Software and Affected Versions: Zyxel NBG-418N v2 firmware versions prior to V1.00AARP.13C0. Description: A cross-site scripting (XSS) vulnerability exists in the Zyxel NBG-418N v2 firmware, which could allow an attacker to store malicious scripts in the Logs page of the GUI o...
PT-2022-28129 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1. Description: The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input and later displays it without proper validation, allowing an attacker to inject...
Distributed Data Systems WebHmi Cross-Site Scripting Vulnerability
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used to monitor and control any automation system on a local network and over the Internet from computers and mobile devices. A cross-site scripting vulnerability exists in...
WordPress plugin Premio Chaty Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plug...
CVE-2021-25113
The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues...
Secomea SiteManager Cross-Site Scripting Vulnerability
Secomea SiteManager is a software application from the Danish company Secomea. It provides a remote maintenance function for industrial equipment. A cross-site scripting vulnerability exists in Secomea SiteManager Version 9.6.621421014 and earlier versions, which allows a user to store javascript...
webTareas Cross-Site Scripting Vulnerability
webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas, which can be exploited by an attacker to store arbitrary web script or HTML by...
SAP ERP Cross-Site Scripting Vulnerability
SAP Cloud Connector is a connector for connecting to the SAP Cloud Platform from SAP Germany. A cross-site scripting vulnerability exists in SAP Cloud Connector version 2.0, which arises from a program that does not adequately encode user-controlled input, and can be exploited by an attacker with...
Opennms Group OpenNMS Cross-Site Scripting Vulnerability
Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from the U.S.-based OpenNMS Group. A cross-site scripting vulnerability exists in OpenNMS Horizon, which stems from versions OpenNMS -1-0-stable through OpenNMS -27.1.0-1;...
Opennms Group OpenNMS Cross-Site Scripting Vulnerability
Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from the US-based OpenNMS Group. A cross-site scripting vulnerability exists in OpenNMS Horizon and OpenNMS Meridian, which stems from the function add performing incorrect...
CVE-2020-6284
SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...
CVE-2020-8799
A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website...
CVE-2019-10474
A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system...
A vulnerability in the web interface of the Cisco Secure ACS control system allows an attacker to carry out stored cross-site scripting.
The vulnerability in the web management interface of the Cisco Secure ACS access control system is related to improper verification and the absence of encryption for user data. Exploiting this vulnerability allows a malicious actor to remotely execute stored scripts against the user’s web...
BlackBerry Unified Endpoint Manager Cross-Site Scripting Vulnerability (CNVD-2019-39169)
BlackBerry Unified Endpoint Manager (UEM) is a unified endpoint management solution from BlackBerry Canada. The solution is used to manage endpoint devices and view their access. A security vulnerability exists in BlackBerry UEM. No information is currently available about this vulnerability, which...
CVE-2018-8888
A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator...
Metasploit 4.1.0 Web UI Cross Site Scripting vulnerability
The Web UI in Metasploit version 4.1.0 suffers from a stored cross site scripting vulnerability discovered by "Stefan Schurtz". Technical Details Login to Web UI - Create New Project - Project name - '"alertdocument.cookie...