Improper access control
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...
CVE-2023-25599
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the testpresenter.php page. A successful exploit could allow an...
CVE-2023-31457
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...
CVE-2023-33789
A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-31457
The CVE-2023-31457 issue affects Mitel MiVoice Connect—Headquarters server component—with versions 19.3 SP2 (22.24.1500.0) and earlier. It allows an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. If exploited, the impact aligns w...
CVE-2023-25598
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful...
CVE-2023-1209
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts...
Cross site scripting
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts...
CVE-2023-1209
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts...
CVE-2023-1209
The CVE-2023-1209 entry describes a Cross-Site Scripting (XSS) vulnerability in ServiceNow records that can be exploited by an authenticated attacker to inject arbitrary scripts. Affected software is ServiceNow (the platform's records handling), with the root cause described as XSS in the records...
ServiceNow cross-site scripting vulnerability
ServiceNow is a cloud computing platform from US-based ServiceNow, Inc. to help companies manage the digital workflow of their business operations. ServiceNow suffers from a security vulnerability. An attacker exploiting the vulnerability can inject arbitrary scripts...
Directory Traversal
johnpbloch/wordpress-core is vulnerable to Directory Traversal. The vulnerability exists in the determine_locale function via the wp_lang parameter due to lack of file access restrictions which allows an unauthenticated attacker to access and load arbitrary translation files and to inject and execute...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module...
CVE-2023-2119 Responsive Filterable Portfolio <= 1.0.19 - Reflected Cross-Site Scripting
The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Epson printer cross-site scripting vulnerability
Epson printer is a printer from the Japanese company Epson. A cross-site scripting vulnerability exists in Epson printer. An attacker can exploit this vulnerability to inject arbitrary script...
CVE-2022-47502
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...
CVE-2023-27054
A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module...
CVE-2023-27059
A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...
ServiceNow cross-site scripting vulnerability
ServiceNow is a cloud computing platform from US-based ServiceNow, Inc. to help companies manage the digital workflow of their business operations. A security vulnerability exists in ServiceNow. An attacker exploiting the vulnerability is able to inject arbitrary scripts...
CVE-2023-27069
A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...