1057 matches found
CVE-2022-45040
A cross-site scripting (XSS) vulnerability in /admin/pages/sectionssave.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field...
CVE-2022-43143
A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container...
CVE-2022-45015
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field...
CVE-2022-43142
A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...
Ricoh IPSiO SP 4210 cross-site scripting vulnerability
The Ricoh IPSiO SP 4210 is a laser printer from Ricoh Japan. A security vulnerability exists in the Ricoh IPSiO SP 4210, which can be exploited by an attacker to execute arbitrary scripts on the web browser of a user who logs into the product with administrative privileges...
CVE-2022-43144
A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
PT-2022-26774 · Unknown · Canteen Management System
Name of the Vulnerable Software and Affected Versions: Canteen Management System version 1.0 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For Canteen Management System version 1.0, consider...
CVE-2022-43569
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model...
Cross site scripting
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled...
CVE-2022-43561 Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled...
Cross-Site Scripting (XSS)
apacheairflow is vulnerable to cross-site scripting. The vulnerability is due to the origin query argument in the getsafeurl function of views.py which allows an attacker to inject and execute arbitrary scripts...
CVE-2022-43084
A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the vname parameter...
GL.iNet GoodCloud cross-site scripting vulnerability
GL.iNet GoodCloud is an IoT device management system from China's Guanglian Zhitong GL.iNet. A cross-site scripting vulnerability exists in GL.iNet GoodCloud version 1.00.220412.00, which stems from the presence of multiple stored cross-site scripting (XSS) vulnerabilities that could allow an...
USN-5694-1: LibreOffice vulnerabilities
It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a specially crafted document, a remote attacker could use this issue to execute arbitrary scripts. CVE-2022-3140 Thomas Florian discovered that LibreOffice incorrectly...
Cross-Site Scripting (XSS)
github.com/go-gitea/gitea is vulnerable to cross-site scripting. The vulnerability is due to arguments in command.go given to git commands not being properly handled which allows an attacker to inject and execute arbitrary scripts...
DEBIAN-CVE-2022-3140
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...
CVE-2022-2861
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...