3237 matches found

ATTACKERKB
added 2023/05/23 2:15 a.m. | 2 views

CVE-2023-28394

Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well...

8.8 CVSS | 6.2 AI score | 0.00725 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2023/05/23 2:15 a.m. | 21 views

Command injection

Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well...

6.5 CVSS | 8.6 AI score | 0.00725 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2023/05/22 12:9 p.m. | 11 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of user input sanitization in the save grid option, which allows an attacker to inject arbitrary JavaScript code into the browser...

5.4 CVSS | 6.2 AI score | 0.00007 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2023/05/22 8:45 a.m. | 12 views

Cross-site Scripting (XSS)

concrete5/concrete5 is vulnerable to stored Cross-site Scripting XSS. The vulnerability exists in details.php due to lack of sanitation when adding tags on uploaded files which allows an attacker to inject and execute arbitrary JavaScript...

5.4 CVSS | 6.7 AI score | 0.01758 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2023/05/19 9:33 a.m. | 16 views

Cross-Site Scripting (XSS)

alextselegidis/easyappointments is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user display name sanitization in backendheader.php, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

4.8 CVSS | 6.5 AI score | 0.0036 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2023/05/17 7:42 a.m. | 19 views

Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in getAllLinkTagsById of Tags.php due to missing conversion of the tag field to html entities which allows an attacker to inject and execute arbitrary javascript...

4.8 CVSS | 6.5 AI score | 0.00243 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2023/05/17 7:36 a.m. | 20 views

Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in record.questions.php due to lack of sanitization of the user inputs of mail parameter which allows an attacker to inject and execute arbitrary javascript...

4.8 CVSS | 6.5 AI score | 0.0023 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
added 2023/05/16 9:44 a.m. | 15 views

Cross-Site Scripting (XSS)

concrete5/concrete5 is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in the reply form due to the lack of sanitization in msgID, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

6.1 CVSS | 6.5 AI score | 0.02087 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2023/05/16 7:5 a.m. | 16 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting XSS. The vulnerability exists in setName of Rule.php due to improper sanitization of input name parameter which allows an attacker to inject and execute arbitrary javascript...

5.4 CVSS | 6.8 AI score | 0.00007 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Veracode
added 2023/05/16 6:28 a.m. | 18 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in multiple functions of Unit.php due to improper input sanitization which allows an attacker to inject and execute arbitrary javascript...

5.4 CVSS | 6.6 AI score | 0.00017 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Veracode
added 2023/05/15 5:25 a.m. | 17 views

Cross-Site Scripting (XSS)

prestashop/prestashop is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of event sanitization in the $events parameter of Validate.php which allows an attacker to inject and execute arbitrary JavaScript into the browser...

9.9 CVSS | 6.5 AI score | 0.01375 EPSS
Exploits: 2 | References: 6 | Affected Software: 1

Veracode
added 2023/05/12 8:4 a.m. | 18 views

Cross-Site Scripting (XSS)

total4 is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user-input sanitization in replace parameter of internal.js which allows an attacker to inject and execute arbitrary JavaScript into the browser...

5.4 CVSS | 5.5 AI score | 0.00839 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2023/05/10 9:41 a.m. | 15 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting XSS. The vulnerability exists in getLinkContent of link.js due to improper sanitization of user inputs which allows an attacker to inject and execute arbitrary javascript...

5.4 CVSS | 6.8 AI score | 0.00012 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Veracode
added 2023/05/10 8:57 a.m. | 18 views

Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user-input sanitization in record.edit.php which allows an attacker to inject and execute arbitrary JavaScript into the browser...

5.4 CVSS | 5.5 AI score | 0.00168 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

Prion
added 2023/05/08 9:15 p.m. | 15 views

Cross site scripting

A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting XSS in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...

5.8 CVSS | 6 AI score | 0.00386 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2023/05/08 12:0 a.m. | 9 views

CVE-2023-2582

A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting XSS in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...

6.1 AI score | 0.00386 EPSS
Exploits: 1 | References: 1

Prion
added 2023/05/05 7:15 p.m. | 20 views

Cross site scripting

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

4.9 CVSS | 5.2 AI score | 0.00608 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/05/03 12:10 p.m. | 16 views

CVE-2023-1384

The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...

4.3 CVSS | 6.6 AI score | 0.00417 EPSS
Exploits: 0 | References: 1

Veracode
added 2023/05/03 8:7 a.m. | 23 views

Cross-Site Scripting (XSS)

azuracast/azuracast, is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of sanitization in the getDisplayName, parameter of main.phtml which allows an attacker to inject and execute arbitrary JavaScript into the browser...

4.8 CVSS | 5.4 AI score | 0.00243 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2023/04/27 9:15 p.m. | 232 views

CVE-2023-29489

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31...

6.1 CVSS | 6.5 AI score | 0.92926 EPSS
In wild | Exploits: 7 | References: 4