3301 matches found
PHP-Login-System Cross-Site Scripting Vulnerability
PHP-Login-System is a web application. A security vulnerability exists in PHP-Login-System version 2.0.1. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...
Cross site scripting
UNSUPPPORTED WHEN ASSIGNED Persistent cross-site scripting XSS in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAILRCV. When a legitimate user attempts to access to the vulnerable page of...
CVE-2023-4802
A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to...
CVE-2023-4803
A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69...
CVE-2023-4803
A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69...
Cross site scripting
A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to...
CVE-2023-40617
A reflected cross-site scripting XSS vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'...
CVE-2023-38878
A reflected cross-site scripting XSS vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'errordescription' parameters of 'oauth2.php'...
Cross site scripting
A reflected cross-site scripting XSS vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'errordescription' parameters of 'oauth2.php'...
CVE-2023-42471
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...
CVE-2023-38878
A reflected cross-site scripting XSS vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'errordescription' parameters of 'oauth2.php'...
CVE-2023-40397
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution...
CVE-2023-40397
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution...
The vulnerability of the Tough-cookie package for the Node.js software platform allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the Tough-cookie package for the Node.js software platform is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability could allow a remote attacker to execute arbitrary JavaScript code...
CVE-2023-41049 Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix. This vulnerability has been patched on version 0.1.0. Users are...
CVE-2023-41049 Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix. This vulnerability has been patched on version 0.1.0. Users are...
PT-2023-27760 · Unknown · @Dcl/Single-Sign-On-Client
Name of the Vulnerable Software and Affected Versions: @dcl/single-sign-on-client versions prior to 0.1.0 Description: The issue concerns improper input validation in the init function, allowing arbitrary JavaScript to be executed using the javascript: prefix. This can be exploited by passing...
CVE-2023-41642
Multiple reflected cross-site scripting XSS vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...
GruppoSCAI RealGimm 跨站脚本漏洞
GruppoSCAI RealGimm is a large-scale property and real estate asset management solution from SCAI. A security vulnerability exists in GruppoSCAI RealGimm version 1.1.37p38, which stems from the presence of multiple Reflective Cross-Site Scripting XSS vulnerabilities that could allow an attacker t...
PT-2023-14393 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 11.4 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...