2049 matches found
Tenda AC23 Input Validation Error Vulnerability
Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11ac Wave2 technology, dual-band concurrent rate up to 2033Mbps. The Tenda AC23 suffers from a stack buffer overflow vulnerability that stems from the...
LuxSoft LuxCal Web Calendar Cross-Site Scripting Vulnerability
LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A security vulnerability exists in LuxSoft LuxCal Web Calendar that stems from the presence of a cross-site scripting (XSS) vulnerability. An attacker can exploit the vulnerability to...
CVE-2023-37914 Privilege escalation (PR)/RCE from account through Invitation subject/message
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to...
CVE-2023-32748
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 22.24.1500.0 could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...
CVE-2023-37625
CVE-2023-37625 describes a stored cross-site scripting (XSS) vulnerability in NetBox v3.4.7, exploitable via a crafted payload injected into the Custom Link templates. The available sources (NVD/OSV, etc.) consistently identify the affected software as NetBox 3.4.7 and the vulnerability as stored...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...
CVE-2023-37613
CVE-2023-37613 describes an XSS vulnerability in Assembly Software Trialworks v11.4, where an attacker can inject a crafted payload into the asset src parameter to execute arbitrary web scripts/HTML in the victim’s browser. The connected sources consistently identify the affected product/version ...
CVE-2023-37613
A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...
Assembly Software Trialworks Cross-Site Scripting Vulnerability
Assembly Software Trialworks is a feature-rich legal case management platform built by experienced trial attorneys from Assembly Software USA. A security vulnerability exists in Assembly Software Trialworks version v11.4, which stems from the presence of a cross-site scripting (XSS) vulnerability...
CVE-2023-37785
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...
Cross site scripting
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...
CVE-2023-37746
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component...
Discourse Cross-Site Scripting Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which ca...
CVE-2023-37280
Pimcore Admin Classic Bundle (ExtJS-based Backend UI) contains a cross-site scripting vulnerability (CVE-2023-37280) that can be exploited by any admin who has not set up two-factor authentication, without extra privileges. The issue allows execution of arbitrary scripts/HTML content via the admi...
EyouCms Cross-Site Scripting Vulnerability (CNVD-2023-58096)
EyouCms is an open source content management system (CMS) based on ThinkPHP. EyouCms has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the Column management module, which can be exploited by an attacker to execute arbitrar...
Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2023-62934)
Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. Cisco Webex Meetings suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web...
Hostel Management System Cross-Site Scripting Vulnerability
PHPGurukul Hostel Management System is a hostel management system. A security vulnerability exists in Hostel Management System version v2.1, which can be exploited to execute arbitrary web script or HTML via the add course drop-down menu...
CVE-2023-37136
A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-37134
A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-37135
A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...