2049 matches found
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field...
Bagecms Cross-Site Scripting Vulnerability
BageCMS is a cross-platform content management system (CMS) based on PHP and MySQL by the BageCMS team in China. A cross-site scripting vulnerability exists in BageCMS v3.1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the custom settings module, and can ...
CVE-2023-33335
Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed...
Cross site scripting
Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed...
Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware
The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is...
Sophos iView Cross-Site Scripting Vulnerability
Sophos iView is a solution from Sophos UK. A security vulnerability exists in Sophos iView that stems from the presence of cross-site scripting (XSS), which allows the execution of arbitrary scripts...
CVE-2023-36469
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
ChurchCRM Cross-Site Scripting Vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM version v4.5.3 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web script ...
DzzOffice Cross-Site Scripting Vulnerability
DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk DzzOffice. The platform can be used to provide online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version...
JVN#97818024: Multiple vulnerabilities in Pleasanter
Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.
Stored cross-site scripting vulnerability CWE-79 - CVE-2023-32607

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base...
CVE-2023-34657
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the webrecordnum parameter...
Wolters Kluwer TeamMate+ Cross-Site Scripting Vulnerability
Wolters Kluwer TeamMate+ is a financial audit management software from Wolters Kluwer, a Dutch company. A security vulnerability exists in Wolters Kluwer TeamMate+ version 35.0.11.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML...
miniCal Cross-Site Scripting Vulnerability
miniCal is an open source PMS by the miniCal open source project. A cross-site scripting vulnerability in miniCal version 1.0.0 can be exploited by an attacker to execute arbitrary web script or HTML by injecting a carefully crafted payload...
miniCal Cross-Site Scripting Vulnerability
miniCal is an open source PMS by the miniCal open source project. A cross-site scripting vulnerability in miniCal version 1.0.0 can be exploited by an attacker to execute arbitrary web script or HTML by injecting a carefully crafted payload...
CVE-2023-33736
A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter...
Pleasanter Cross-Site Scripting Vulnerability
Pleasanter is a free OSS no-code/low-code development tool from Pleasanter. A security vulnerability exists in Pleasanter 1.3.38.1 and earlier versions, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary scripts on a...
CVE-2023-31548
A stored cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-33750
A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd...