
62 matches found

Cvelist
added 2026/06/16 4:4 p.m. · 26 views

CVE-2024-30476

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, which could lead to script execution in the client browser...

CVSS 5.4 · EPSS 0.00199
Exploits 0 · References 1

CVE
added 2026/06/16 4:4 p.m. · 11 views

CVE-2024-30476

CVE-2024-30476 details a Stored Cross-Site Scripting vulnerability in Dell PowerStore Manager. A remote authenticated, low-privileged attacker could exploit this to execute scripts in the browser of an authenticated user. CVSS v3.1 base score 5.4 (Medium); attack vector: Network; privileges requi...

CVSS 5.4 · AI score 5.6 · EPSS 0.00199
Exploits 0 · References 1

EUVD
added 2026/06/16 4:4 p.m. · 11 views

EUVD-2024-55623

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, which could lead to script execution in the client browser...

CVSS 5.4 · AI score 5.5 · EPSS 0.00199
Exploits 0 · References 1

Positive Technologies
added 2026/05/13 12:0 a.m. · 15 views

PT-2026-40798

Name of the Vulnerable Software and Affected Versions: Garmin WDU version 1.4.6; Garmin WDU version 5.0. Description: The locally served web site allows authentication to be bypassed because the site only performs authentication within the client's browser. The WebSockets used for communication with...

CVSS 7.3 · AI score 5.4 · EPSS 0.00297
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-28014

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 5.8 · EPSS 0.00564
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 26 views

EUVD-2023-28021

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 5.6 · EPSS 0.03083
Exploits 3 · References 2

Positive Technologies
added 2025/08/12 12:0 a.m. · 6 views

PT-2025-32681 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to commit dea1e16. Description: Hydra, a continuous integration service for Nix based projects, is susceptible to arbitrary JavaScript code injection into its database. A malicious package can introduce this code, which is...

CVSS 7.1 · AI score 7.5 · EPSS 0.00188
Exploits 0 · References 5

Veracode
added 2025/07/18 5:46 a.m. · 4 views

Arbitrary Code Injection

pyLoad-ng is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe JavaScript evaluation caused by insecure CAPTCHA processing logic that allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially on the backend server...

CVSS 9.8 · AI score 7.3 · EPSS 0.01144
Exploits 0 · References 5 · Affected Software 1

Vulnrichment
added 2025/06/10 12:10 a.m. · 2 views

CVE-2025-31325 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation)

Due to a Cross-Site Scripting vulnerability in SAP NetWeaver ABAP Keyword Documentation, an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the...

CVSS 5.8 · AI score 5.5 · EPSS 0.00268
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 3:19 a.m. · 4 views

CVE-2023-23949

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...

CVSS 8.1 · AI score 6.9 · EPSS 0.00564
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 2:51 a.m. · 12 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

CVSS 6.1 · AI score 7 · EPSS 0.03083
Exploits 3 · References 1

RedhatCVE
added 2025/05/22 9:17 p.m. · 7 views

CVE-2021-32671

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type...

CVSS 10 · AI score 6.8 · EPSS 0.39738
Exploits 0 · References 1

RedhatCVE
added 2025/05/21 6:44 p.m. · 10 views

CVE-2002-2060

Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images...

CVSS 7.5 · AI score 8.3 · EPSS 0.03218
Exploits 0 · References 1

NVD
added 2024/12/05 1:15 p.m. · 24 views

CVE-2024-6516

Cross Site Scripting vulnerabilities were found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

CVSS 9.3 · EPSS 0.01078
Exploits 7 · References 1

Cvelist
added 2024/06/14 12:6 p.m. · 46 views

CVE-2024-36459 Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary JavaScript code in a client browser...

CVSS 8.4 · EPSS 0.0042
Exploits 0 · References 2

CVE
added 2024/06/14 12:6 p.m. · 62 views

CVE-2024-36459

CVE-2024-36459 is a CRLF cross-site scripting issue identified in SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. Affected components are the Web Agent implementations for IIS and Domino; the vulnerability allows an attacker to execute arbitrary JavaScript ...

CVSS 8.4 · AI score 7 · EPSS 0.0042
Exploits 0 · References 2

NVD
added 2023/05/30 8:15 p.m. · 9 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

CVSS 6.1 · AI score 5.5 · EPSS 0.03083
Exploits 3 · References 3

ATTACKERKB
added 2023/05/30 8:15 p.m. · 4 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

CVSS 6.1 · AI score 6 · EPSS 0.03083
Exploits 3 · References 3

Prion
added 2023/05/30 8:15 p.m. · 37 views

Input validation

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

CVSS 4.9 · AI score 5.5 · EPSS 0.03083
Exploits 3 · References 2 · Affected Software 1

CNNVD
added 2023/05/30 12:0 a.m. · 32 views

Broadcom Symantec SiteMinder Cross-Site Scripting Vulnerability

Broadcom Symantec SiteMinder is an identity provider and federation system from Broadcom, Inc. It provides access to web applications and portals. A security vulnerability exists in Broadcom Symantec SiteMinder version 12.52. An attacker could exploit this vulnerability to execute malicious HTML...

CVSS 6.1 · AI score 5.9 · EPSS 0.03083
Exploits 3 · References 4