485 matches found
CVE-2023-40397
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution...
CVE-2023-31928 - XSS vulnerability in Brocade Webtools
A reflected cross-site scripting XSS vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools...
CVE-2023-38308
An issue was discovered in Webmin 2.021. A Cross-Site Scripting XSS vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitra...
CVE-2023-38308
An issue was discovered in Webmin 2.021. A Cross-Site Scripting XSS vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitra...
CVE-2023-38308
An issue was discovered in Webmin 2.021. A Cross-Site Scripting XSS vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitra...
CVE-2023-25841
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s...
CVE-2023-25837
There is a Cross‑Site Scripting XSS vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser...
CVE-2023-25837 BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.
There is a Cross‑Site Scripting XSS vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser...
CVE-2023-25836 BUG-000135364 XSS in 10.8.1 sites builder iframe source
There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required...
CVE-2023-34599
Multiple Cross-Site Scripting XSS vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code...
CVE-2023-34599
Multiple Cross-Site Scripting XSS vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code...
Cross site scripting
Multiple Cross-Site Scripting XSS vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code...
CVE-2023-34599
Multiple Cross-Site Scripting XSS vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code...
CVE-2023-34599
Multiple Cross-Site Scripting XSS vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code...
CVE-2023-34835
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable deletefile parameter...
Acronis: [oem.acronis.com] Reflected Cross Site Scripting
The researcher discovered a reflected cross-site scripting XSS vulnerability on the oem.acronis.com website. The vulnerability was found on the /test/testenv.html page, where user-supplied input was not properly sanitized, allowing the execution of arbitrary JavaScript code...
CVE-2023-24031
An issue was discovered in Zimbra Collaboration ZCS 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure...
CVE-2023-2819
A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull PTR/TRAP could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary javascript code...
CVE-2023-2819
A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull PTR/TRAP could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary javascript code...
Cross-Site Scripting (XSS)
concrete5 is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of user input sanitization in the rss displayer which allows an attacker to inject arbitrary JavaScript code into the browser...