32 matches found
CVE-2021-33371
A stored cross-site scripting XSS vulnerability in /navbaraction.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box...
CVE-2025-56320
Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."...
CVE-2025-56320
Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."...
CVE-2025-56320
Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."...
CVE-2025-56320
Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."...
Cobblestone Enterprise Contract Management Software 安全漏洞
Cobblestone Enterprise Contract Management Software is an enterprise contract management software from Cobblestone Corporation, USA. A security vulnerability exists in Cobblestone Enterprise Contract Management Software version 22.4.0, which originates from the presence of stored cross-site...
CVE-2025-56320
The CVE-2025-56320 entry affects Cobblestone’s Enterprise Contract Management Portal v.22.4.0. It describes a Stored Cross-Site Scripting (XSS) vulnerability in the chat box component, enabling a remote attacker to execute arbitrary code. The available data does not provide technical details such...
CVE-2025-56320
Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."...
EUVD-2021-20077
Malware in sbrugna...
EUVD-2022-52919
Malicious code in bioql PyPI...
CVE-2022-31455
A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...
Monica 安全漏洞
Monica is an AI assistant from Monica. A security vulnerability exists in Monica version v6.3.0, which stems from an instant injection vulnerability in the chat box that allows an attacker to access and steal all previous and subsequent chat data between a user and the AI assistant via a spoofed...
CVE-2024-7204
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
CVE-2024-7204 Ai3 QbiBot - Stored XSS
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
CVE-2024-7204 Ai3 QbiBot - Stored XSS
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
AnythingLLM Cross-Site Scripting Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from a cross-site scripting vulnerability that originates from injecting cross-site scripting into the chat box...
CVE-2022-31455
A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...
CVE-2022-31455
A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...
Cross site scripting
A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...
CVE-2022-31455
A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...