1045 matches found
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2023-40177
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...
Privilege escalation
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...
CVE-2023-40177 XWiki Platform privilege escalation (PR) from account through AWM content fields
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...
XWiki Platform 代码注入漏洞
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform that originates from the fact that any registered user can execute arbitrary scripts with programmatic privileges using th...
CVE-2023-32748
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 22.24.1500.0 could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...
CVE-2023-32748
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 22.24.1500.0 could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...
CVE-2022-31455
A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...
CVE-2023-37785
A cross-site scripting XSS vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...
Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page
Summary Unauthenticated HTML Injection / XSS Possible. Conditions: 2factor authentication must not set before Vulnerable Endpoint: /admin/login/2fa-setup Vulnerable Param: error= How it works, So basically any admin, who has not setup 2 factor authentication before is vulnerable for this attack,...
CVE-2023-37280
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...
Hardcoded credentials
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...
CVE-2023-37280 Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...
CVE-2023-37191
A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters...
CVE-2023-1298
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting XSS vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts...
Cross site scripting
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting XSS vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts...
CVE-2023-1298
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting XSS vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts...
CVE-2023-1298
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting XSS vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
UBUNTU-CVE-2020-23452
A cross-site scripting XSS vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page...