2049 matches found
JVN#04785663: Multiple cross-site scripting vulnerabilities in EC-CUBE
EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Contents Management CWE-79 - CVE-2023-22438 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...
K17563: Apache Struts vulnerability CVE-2015-2992
Security Advisory Description Arbitrary script can be executed when JSP files are exposed to be accessed directly. Affected versions are Struts 2.0.0 - 2.3.16.3. CVE-2015-2992 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
CVE-2023-24369
A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...
JSA10377 - Pulse Policy Secure (PPS): Cross-Site Scripting Vulnerability
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Older software versions of Policy Secure are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute an arbitrary script. This issue is caused by ...
CVE-2023-24234
A stored cross-site scripting XSS vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...
Inventory Management System 跨站脚本漏洞
Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...
CVE-2023-24233
A stored cross-site scripting XSS vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...
Inventory Management System 跨站脚本漏洞
Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...
CVE-2023-24322
A reflected cross-site scripting XSS vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters...
Cross site scripting
A stored cross-site scripting XSS vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages...
CVE-2022-45730
A cross-site scripting XSS vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function...
AlmaLinux 9 : libreoffice (ALSA-2023:0304)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0304 advisory. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme...
EasyMail vulnerable to cross-site scripting
Overview EasyMail provided by First Net Japan Inc. contains a stored cross-site scripting vulnerability CWE-79. Toyama Taku reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed...
libreoffice security update
7.1.8.1-8.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:7.1.8.1-8 - Resolves: rhbz2134759 Untrusted Macros - Resolves: rhbz2134757 Weak Master Keys - Resolves: rhbz2134755 Static...
Oracle Linux 9 : libreoffice (ELSA-2023-0304)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0304 advisory. 7.1.8.1-8.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option...
RHEL 9 : libreoffice (RHSA-2023:0304)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0304 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...
Moderate: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
CVE-2022-41441
Multiple cross-site scripting XSS vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters...
libreoffice security update
6.4.7.2-12.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:6.4.7.2-12 - Resolves: rhbz2134752 CVE-2022-26305 Untrusted Macros - Resolves: rhbz2134751 CVE-2022-26307 Weak Master Keys -...