Lucene search

173 matches found

NVD
added 2024/07/01 2:15 p.m. · 10 views

CVE-2024-6050

Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC...

6.1 CVSS · 0.02095 EPSS
Exploits 0 · References 2

CNNVD
added 2024/06/27 12:0 a.m. · 1 views

LoLLMs Cross-Site Scripting Vulnerability

LoLLMs is a web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A cross-site scripting vulnerability exists in lollms-webui that originates from a vulnerability that allows an attacker to inject malicious script via a chat message and then execute it in the...

6.1 CVSS · 6.2 AI score · 0.00131 EPSS
Exploits 1 · References 2

NVD
added 2024/06/14 8:15 a.m. · 12 views

CVE-2024-5961

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software...

5.3 CVSS · 0.0249 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/06/14 7:48 a.m. · 14 views

CVE-2024-5961 Reflected XSS in 2ClickPortal

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software...

5.3 CVSS · 6.6 AI score · 0.0249 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/05/21 12:0 a.m. · 3 views

PT-2024-40354 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware eCommerce platform (affected versions not specified)
Description: A non-persistent Cross-Site Scripting (XSS) issue has been identified in the frontend of the platform. This issue may allow an attacker to inject and execute malicious...

6.1 CVSS · 6 AI score
Exploits 0 · References 6

Positive Technologies
added 2024/03/26 12:0 a.m. · 2 views

PT-2024-21278 · Tvrock · Tvrock

Name of the Vulnerable Software and Affected Versions: TvRock version 0.9t8a
Description: A cross-site scripting vulnerability exists, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was unreachable, and users...

6.1 CVSS · 6.8 AI score · 0.00189 EPSS
Exploits 0 · References 7

CNNVD
added 2024/03/18 12:0 a.m. · 1 views

FitNesse Cross-Site Scripting Vulnerability

FitNesse is a fully integrated standalone wiki and acceptance testing framework. A cross-site scripting vulnerability exists in FitNesse that could allow a remote attacker to execute arbitrary script on a user's web browser...

6.1 CVSS · 6.6 AI score · 0.00248 EPSS
Exploits 0 · References 6

OSV
added 2024/03/06 5:15 p.m. · 1 views

CVE-2024-20337

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

8.2 CVSS · 6.1 AI score · 0.03569 EPSS
Exploits 0 · References 1

CNNVD
added 2024/02/20 12:0 a.m. · 2 views

LRS Security Vulnerabilities

LRS is a protocol, specification, and logic for building xAPI Learning Record Stores (LRS) in ClojureScript, open source by Yet Analytics. A security vulnerability exists in LRS versions prior to 1.2.17. An attacker exploits this vulnerability to execute script or other markup injections in a browse...

6.1 CVSS · 6.8 AI score · 0.00166 EPSS
Exploits 0 · References 6

OSV
added 2023/12/22 12:15 a.m. · 0 views

DEBIAN-CVE-2023-49086

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an...

5.4 CVSS · 6.5 AI score · 0.00949 EPSS
Exploits 1 · References 1

Positive Technologies
added 2023/12/06 12:0 a.m. · 3 views

PT-2023-21483 · Hcl · Hcl Connections

Name of the Vulnerable Software and Affected Versions: HCL Connections (affected versions not specified)
Description: The issue allows an attacker to execute arbitrary script code in the browser of an unsuspecting user after visiting a vulnerable URL, leading to the execution of malicious script...

5.4 CVSS · 5.9 AI score · 0.00783 EPSS
Exploits 0 · References 5

OSV
added 2023/11/10 9:15 a.m. · 2 views

DEBIAN-CVE-2023-47164

Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...

6.1 CVSS · 6.4 AI score · 0.00266 EPSS
Exploits 0 · References 1

OSV
added 2023/09/30 11:15 p.m. · 0 views

CVE-2023-43734

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

5.4 CVSS · 5.9 AI score · 0.00117 EPSS
Exploits 1 · References 2

OSV
added 2023/09/30 9:15 p.m. · 2 views

CVE-2023-43713

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser...

5.4 CVSS · 5.9 AI score · 0.00105 EPSS
Exploits 1 · References 2

OSV
added 2023/09/30 2:15 a.m. · 0 views

CVE-2023-43705

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translationvalue1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 2

CNNVD
added 2023/09/30 12:0 a.m. · 2 views

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting (XSS) vulnerability that allows an attacker to execute unauthorized scripts in a user's...

5.4 CVSS · 5.9 AI score · 0.00117 EPSS
Exploits 1 · References 3

CNNVD
added 2023/09/30 12:0 a.m. · 1 views

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting (XSS) vulnerability that allows an attacker to execute unauthorized scripts in a user's...

5.4 CVSS · 5.9 AI score · 0.00117 EPSS
Exploits 1 · References 3

CNNVD
added 2023/09/30 12:0 a.m. · 1 views

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting (XSS) vulnerability that allows an attacker to execute unauthorized scripts in a user's...

5.4 CVSS · 5.9 AI score · 0.00117 EPSS
Exploits 1 · References 4

CNNVD
added 2023/09/04 12:0 a.m. · 3 views

SHIRASAGI Cross-Site Scripting Vulnerability

SHIRASAGI is a content management system (CMS) for the Japanese Shirasagi project. A security vulnerability exists in SHIRASAGI versions prior to v1.18.0. An attacker can exploit the vulnerability to execute arbitrary script on a web browser...

5.4 CVSS · 7.2 AI score · 0.00409 EPSS
Exploits 0 · References 4

CNNVD
added 2023/01/11 12:0 a.m. · 2 views

MAHO-PBX NetDevancer series Cross-Site Scripting Vulnerability

The MAHO-PBX NetDevancer series is an IP-PBX system from MAHO-PBX Japan. A security vulnerability exists in the MAHO-PBX NetDevancer series, which is caused by cross-site scripting (XSS) in the Management screen, which can be exploited by an attacker to execute arbitrary scripts on the web browser ...

6.1 CVSS · 7.2 AI score · 0.00471 EPSS
Exploits 0 · References 4