CVE-2023-3526 PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's...

Webmin 跨站脚本漏洞

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 2.021, which stems from a Reflected Cross-Site Scripting XSS vulnerability discovered in the Package Search feature. The...

CVE-2023-37272

JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1....

CVE-2023-37272 XSS vulnerability in JOC Cockpit branch 1.13

JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1....

Cross-Site Scripting (XSS)

admidio/admidio is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of user input sanitization in this library. which allows an attacker to inject and execute arbitrary JavaScript into the browser...

Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Ultimate Dashboard - Settings - General"...

Cross site scripting

A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed...

CVE-2023-27864

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327...

PT-2023-21382 · Ibm · Ibm Maximo Asset Management

Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management versions 7.6.1.2 through 7.6.1.3 Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the...

Cross site scripting

Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration...

Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames

Impact A cross-site scripting vulnerability has been identified in Goobi viewer core when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in the execution in the user's browser when displaying the nickname on certain...

Cross site scripting

Experience Manager versions 6.5.15.0 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

SUSE CVE-2011-1709

GNOME Display Manager gdm before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS when uploading an image file as a store logo. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected...

Cross site scripting

Cross-site Scripting XSS vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Progress Software WhatsUp Gold 跨站脚本漏洞

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in versions of Progress Software WhatsUp Gold prior to...

Esri Portal For ArcGis 代码注入漏洞

Esri Portal For ArcGis is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A code injection vulnerability exists in Esri Portal For ArcGis versions 10.8.1 and...

CVE-2022-35697

Adobe Experience Manager Core Components version 2.20.6 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVE-2022-34160

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330...