493 matches found
Cisco Unified Communications Manager XSS (cisco-sa-cucm-imp-xss-QtT4VdsK)
The version of Cisco Unified Communications Manager installed on the remote host is prior to 12.51SU8 or 14 prior to 14SU4. It is, therefore, affected by a cross-site scripting (XSS) vulnerability. An unauthenticated remote attacker could, with the interaction of another user, exploit this...
Cisco Evolved Programmable Network Manager XSS (cisco-sa-pi-epnm-storedxss-tTjO62r)
The version of Cisco Evolved Programmable Network Manager installed on the remote host is 7.0 or earlier. It is, therefore, affected by a cross-site scripting (XSS) vulnerability. Due to insufficient validation of user input, an unauthenticated, remote attacker can inject malicious code into...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...
CVE-2023-20228
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...
Microsoft Windows Admin Center Security Vulnerability
Microsoft Windows Admin Center is a locally deployed browser-based application from Microsoft USA. The program is primarily used to manage servers, clusters, and more. A security vulnerability exists in Microsoft Windows Admin Center. An attacker exploits the vulnerability to perform spoofing...
CVE-2023-36463 Cross site scripting (XSS) in meldekarten generator
Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn't fully...
CVE-2022-46389 Cross-Site Scripting (XSS) vulnerability found on logout functionality
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the...
CVE-2023-20068
A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient...
CVE-2023-20146 Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-28109 Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key
Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...
Cisco Prime Infrastructure Stored XSS (cisco-sa-cisco-pi-epnm-xss-mZShH2J)
The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10.3. It is, therefore, affected by a cross-site scripting (XSS) vulnerability as referenced in the cisco-sa-cisco-pi-epnm-xss-mZShH2J advisory. This vulnerability is due to insufficient validation of user-supplied...
WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion
The plugin does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation. As a...
Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware
Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of seconda...
U.S. Dept Of Defense: Reflected XSS in ██████████
A reflected XSS vulnerability was found on one of the subdomains of a website. The vulnerability was present in the "militarybranch" parameter of the "NextRequestAccount.action" page. An attacker could exploit this vulnerability to execute XSS attacks and steal user's cookies, launch phishing...
U.S. Dept Of Defense: Reflected XSS in ██████████
A reflected XSS vulnerability was found on one of the subdomains of a website. The vulnerability was present in the "militarybranch" parameter of the "NextRequestAccount.action" page. An attacker could exploit this vulnerability to execute XSS attacks and steal user's cookies, launch phishing...
Vditor Cross-Site Scripting Vulnerability
Vditor is a browser-based Markdown editor by Vanessa219, an individual developer. A security vulnerability exists in Vditor versions prior to 3.8.7, which stems from a cross-site scripting (XSS) vulnerability...
U.S. Dept Of Defense: Reflected XSS in ██████
A reflected XSS vulnerability was found on one of the subdomains of a system. The vulnerability was located in the emailbody parameter of the PreviewLetterhead.aspx page. An attacker could exploit this vulnerability to execute malicious scripts and steal user's cookies, launch phishing attacks, a...
Cross site scripting
A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by...
CVE-2023-20058
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface...