2049 matches found
CVE-2023-31163
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...
CVE-2023-31159
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...
CVE-2023-31153
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL...
Anuko Time Tracker 跨站脚本漏洞
Anuko Time Tracker is an open source time counting system for individual developers. A platform for counting the time spent by employees on various tasks. A cross-site scripting vulnerability exists in versions prior to Anuko Time Tracker 1.22.11.5782. An attacker can exploit this vulnerability t...
CVE-2023-27075
A cross-site scripting vulnerability XSS in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
MicroBin 跨站脚本漏洞
MicroBin is an ultra-compact, feature-rich, configurable, self-contained and self-hosted pastebin web application from the individual developer Dániel Szabó. A security vulnerability exists in MicroBin version v1.2.0, which stems from a security issue in the component microbin/src/pasta.rs, and c...
CVE-2023-30097
A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field...
CVE-2023-30095
CVE-2023-30095 affects TotalJS Messenger (commit b6cf1c9). It describes a stored XSS vulnerability in the channel description field, allowing an attacker to execute arbitrary web scripts or HTML in the context of the affected app. The vulnerability is evidenced across multiple sources, including ...
CVE-2023-30097
CVE-2023-30097 concerns TotalJS messenger. The vulnerability is a stored cross-site scripting (XSS) issue in the messenger, exploitable via a crafted payload injected into the private task field (commit b6cf1c9). Affected software is TotalJS messenger; underlying cause is stored XSS; impact is ex...
Cross site scripting
A stored cross-site scripting XSS vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...
CVE-2023-30205
A stored cross-site scripting XSS vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...
CVE-2023-30405
A cross-site scripting XSS vulnerability in Aigital Wireless-N Repeater MiniRouter v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wlssid parameter at /boafrm/formHomeWlanSetup...
CVE-2023-24836
SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service...
CVE-2022-27979
A cross-site scripting XSS vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component...
CVE-2023-30417
A cross-site scripting XSS vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message...
CVE-2023-30417
Pear-Admin-Boot (v2.0.2 and earlier) is affected by an XSS vulnerability that allows an attacker to inject arbitrary web scripts or HTML via the Title field of a private message. Affected component: Pear-Admin-Boot; root cause: improper sanitization/injection in the Title of private messages; imp...
CVE-2023-2139
A reflected Cross-site Scripting XSS Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code...
Checkmk 跨站脚本漏洞
Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk Appliance versions prior to 1.6.4, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML by injecti...
Cross site scripting
Cross-site scripting XSS vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL...
CVE-2023-29523
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write acces...