3237 matches found
CVE-2023-45227
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...
CVE-2023-45222
An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter...
Cross site scripting
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...
CVE-2023-45222 Westermo Lynx Cross-site Scripting
An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter...
CVE-2023-45227 Westermo Lynx Cross-site Scripting
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...
PT-2024-13056 · Westermo · Lynx +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified. Description: An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the username parameter in the SNMP configuration...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...
PT-2024-14024 · Ibm · Ibm Business Automation Workflow
Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 22.0.2 through 23.0.2. Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure withi...
CVE-2022-40744 IBM Aspera Faspex cross-site scripting
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441...
Cross Site Scripting (XSS)
superbig/craft-audit is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization of titles within the application. An attacker can inject arbitrary JavaScript via a title to perform an XSS attack...
Cross Site Scripting (XSS)
labelstudio is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper image sanitization during upload, which allows an authenticated user to upload a crafted image file for their avatar which gets rendered as an HTML file. This allows an attacker to execute arbitrary JavaScrip...
Cross site scripting
Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...
Input validation
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote...
Osimis WebViewer Cross-Site Scripting Vulnerability
Osimis WebViewer is an AI solution from Osimis. Osimis WebViewer suffers from a security vulnerability that originates from allowing an attacker to execute arbitrary JavaScript code in a victim's browser...
PT-2024-15244 · Osimis · Osimis Webviewer
Name of the Vulnerable Software and Affected Versions: Osimis WebViewer affected versions not specified. Description: An XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer, the issue gets triggered. If exploited, the attacker wi...
Duplicate Advisory: JavaScript execution via malicious molfiles (XSS)
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2pwh-52h7-7j84. This link is maintained to preserve external references. Original Description: MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript...
GHSA-WC6F-QJXC-622V Duplicate Advisory: JavaScript execution via malicious molfiles (XSS)
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2pwh-52h7-7j84. This link is maintained to preserve external references. Original Description: MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript...
CVE-2024-0758
MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...
Cross site scripting
MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...
CVE-2024-0758
MolecularFaces before 0.3.0 is vulnerable to Cross-Site Scripting (XSS). A remote attacker can inject arbitrary JavaScript into a victim’s browser by crafting malicious molfiles, leveraging improper handling of user input in the viewer component. Affected version range is prior to 0.3.0; exploit ...