3301 matches found
CVE-2023-51068
An authenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...
Cross site scripting
An authenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...
QStar Archive Solutions Security Breach
QStar Archive Solutions is QStar's range of storage technologies for managing disk arrays, object storage, tape libraries, optical libraries, WORM and clouds private and hybrid. A security vulnerability exists in QStar Archive Solutions RELEASE3-0 Build 7 release, which stems from the presence of...
CVE-2023-51068
An authenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...
CVE-2023-47861
A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2023-48730
A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...
CVE-2023-47861
A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
Cross site scripting
A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
Cross site scripting
A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...
CVE-2023-48730
A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...
CVE-2023-48730
A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...
CVE-2023-47861
A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2023-48728
A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
Stored Cross Site Scripting (XSS)
class.upload.php is vulnerable to Stored Cross Site Scripting. The vulnerability is due to improper validation on uploaded files. This issue can be exploited by an attacker via uploading malicious files leading to the execution of arbitrary JavaScript...
GHSA-GJHC-6XM7-MC8Q Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and...
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and...
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated...
GHSA-WXJ2-777F-VXMF Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated...
CVE-2024-21908
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...
CVE-2024-21910
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...