2049 matches found
Joomla! CMS Cross-Site Scripting (CVE-2018-6377)
A cross-site scripting vulnerability exists in Joomla! Core. Successful exploitation results in the execution of arbitrary script code in the target user's browser...
CVE-2022-43118
A cross-site scripting XSS vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field...
CVE-2022-43121
A cross-site scripting XSS vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field...
CVE-2022-43119
A cross-site scripting XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter...
PT-2022-26763 · Intelliants · Intelliants Subrion Cms
Name of the Vulnerable Software and Affected Versions: Intelliants Subrion CMS version 4.2.1 Description: A cross-site scripting XSS issue in the CMS Field Add page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. This enables...
CVE-2022-43317
A cross-site scripting XSS vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
PT-2022-26843 · Unknown · Human Resource Management System
Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0 Description: A cross-site scripting XSS issue in the "/hrm/index.php?msg" API endpoint allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For Human...
CVE-2022-41435
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting XSS vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments...
CVE-2022-43076
A cross-site scripting XSS vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter...
CVE-2022-40487
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
MGASA-2022-0400 Updated libreoffice packages fix security vulnerability
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...
PT-2022-26699 · Unknown · Train Scheduler App
Name of the Vulnerable Software and Affected Versions: Train Scheduler App version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. This enables the execution of...
Train Scheduler App 跨站脚本漏洞
Train Scheduler App is a train scheduling application by Carlo Montero Personal Developer. A security vulnerability exists in Train Scheduler App v1.0, which stems from the presence of multiple stored cross-site scripting XSS vulnerabilities that could allow an attacker to execute arbitrary web...
CVE-2022-42991
A stored cross-site scripting XSS vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field...
Softr 跨站脚本漏洞
Softr is a no-code website builder from Softr. A security vulnerability exists in Softr version v2.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload...
CVE-2022-42991
A stored cross-site scripting XSS vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field...
CVE-2022-42054
Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...
CVE-2022-41358
A stored cross-site scripting XSS vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : LibreOffice vulnerabilities (USN-5694-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5694-1 advisory. It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a...
SUSE-SU-2022:3650-1 Security update for libreoffice
This update for libreoffice fixes the following issues: Updated to version 7.3.6.2 jscSLE-23447: - CVE-2022-3140: Fixed macro URL arbitrary script execution bsc1203209. - CVE-2022-26305: Fixed execution of untrusted Macros due to improper certificate validation bsc1201868. - CVE-2022-26307: Fixed...