2049 matches found
CVE-2023-27777
Cross-site scripting XSS vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL...
CVE-2023-29522
CVE-2023-29522 affects XWiki Platform. Any user with view rights can execute arbitrary script macros (Groovy/Python) that enable remote code execution and unrestricted read/write access to wiki contents. The attack is triggered by opening a non-existing page whose name contains a dangerous payloa...
Joruri Gw vulnerable to cross-site scripting
Overview Joruri Gw provided by SiteBridge Inc. is groupware. Message Memo function of Joruri Gw contains a cross-site scripting vulnerability CWE-79. Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Joruri Gw 跨站脚本漏洞
Joruri Gw is a web portal of Joruri Inc. A security vulnerability exists in Joruri Gw. An attacker can exploit the vulnerability to execute arbitrary scripts...
CVE-2023-26846
A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...
LiveAction LiveSP 跨站脚本漏洞
LiveAction LiveSP is a network monitoring software for service providers from LiveAction. A security vulnerability exists in LiveAction LiveSP version v21.1.2. An attacker can exploit the vulnerability to execute arbitrary web script or HTML...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient...
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource...
CVE-2023-27245
A cross-site scripting XSS vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module...
Debian: Security Advisory (DLA-3368-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3368-1] libreoffice security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3368-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucaries March 26, 2023 https://wiki.debian.org/LTS -...
CVE-2022-47502 Apache OpenOffice: Macro URL arbitrary script execution
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...
CVE-2022-47502
Apache OpenOffice
Aruba Networks ClearPass Policy Manager 跨站脚本漏洞
Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. A security vulnerability exists in Aruba Networks ClearPass Policy Manager that originates from the presence of Reflective Cross Site Scripting XSS, whic...
Cross site scripting
A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...
CVE-2023-27070
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...
CVE-2022-48111
A cross-site scripting XSS vulnerability in the checklogin function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter...
CVE-2023-27211
A cross-site scripting XSS vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter...
PT-2023-21009 · Unknown · Online Pizza Ordering System
Name of the Vulnerable Software and Affected Versions: Online Pizza Ordering System version 1.0 Description: A cross-site scripting XSS issue in the /admin/navbar.php endpoint of the Online Pizza Ordering System allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cisco Nexus Dashboard 跨站脚本漏洞
Cisco Nexus Dashboard is the United States Cisco Cisco a single console. It simplifies the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard, which stems from a security issue in the web-based management interface that does not adequately...