
185 matches found

Cvelist
added 2024/01/10 1:2 p.m. · 10 views

CVE-2023-48254

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

CVSS 5.3 · AI score 6.8 · EPSS 0.00104
Exploits 0 · References 1

NVD
added 2024/01/10 11:15 a.m. · 16 views

CVE-2023-48248

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file...

CVSS 5.5 · AI score 5.7 · EPSS 0.00141
Exploits 0 · References 1

NVD
added 2024/01/10 11:15 a.m. · 13 views

CVE-2023-48244

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

CVSS 6.1 · AI score 6 · EPSS 0.00104
Exploits 0 · References 1

OSV
added 2024/01/10 11:15 a.m. · 3 views

CVE-2023-48244

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

CVSS 6.1 · AI score 6 · EPSS 0.00104
Exploits 0 · References 1

Prion
added 2024/01/10 11:15 a.m. · 16 views

Cross site request forgery (csrf)

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

CVSS 5.8 · AI score 7.8 · EPSS 0.00104
Exploits 0 · References 1 · Affected Software 1

Prion
added 2024/01/10 11:15 a.m. · 15 views

Code injection

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file...

CVSS 4.9 · AI score 7.5 · EPSS 0.00141
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/01/10 10:41 a.m. · 3 views

CVE-2023-48248

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file...

CVSS 5.5 · AI score 7.5 · EPSS 0.00141
Exploits 0 · References 1

Cvelist
added 2024/01/10 10:41 a.m. · 11 views

CVE-2023-48248

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file...

CVSS 5.5 · AI score 6 · EPSS 0.00141
Exploits 0 · References 1

CVE
added 2024/01/10 10:41 a.m. · 40 views

CVE-2023-48248

Summary (CVE-2023-48248): The vulnerability affects Bosch Nexo cordless nutrunner devices and allows an authenticated remote attacker to upload a malicious file to the SD card, enabling execution of client-side script code inside the victim’s session via a crafted URL, HTTP request, or when the p...

CVSS 5.5 · AI score 5.7 · EPSS 0.00141
Exploits 0 · References 1 · Affected Software 1

CVE
added 2024/01/10 10:37 a.m. · 46 views

CVE-2023-48244

CVE-2023-48244 describes a vulnerability that allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. The documents do not publicly specify affected products, versions, or the exact component/file, nor a confirm...

CVSS 6.1 · AI score 6.5 · EPSS 0.00104
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/01/10 10:37 a.m. · 15 views

CVE-2023-48244

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

CVSS 5.3 · AI score 6.8 · EPSS 0.00104
Exploits 0 · References 1

Positive Technologies
added 2024/01/10 12:0 a.m. · 2 views

PT-2024-13559 · Rexroth +1 · Nexo Cordless Nutrunner Nxa011S-36V +8

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified. Description: The issue allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session...

CVSS 5.5 · AI score 5.7 · EPSS 0.00141
Exploits 0 · References 5

Prion
added 2023/12/04 11:15 p.m. · 15 views

Design/Logic Flaw

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

CVSS 4.9 · AI score 7.1 · EPSS 0.00004
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/12/04 10:50 p.m. · 30 views

CVE-2023-40460

CVE-2023-40460 affects the ACEManager component of ALEOS 4.16 and earlier. The vulnerability arises because ACEManager does not validate uploaded file names and types, which could allow an authenticated user to execute client-side scripts within ACEManager and alter device functionality until a ...

CVSS 7.1 · AI score 6.3 · EPSS 0.00004
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/04 10:50 p.m. · 10 views

CVE-2023-40460 Improper input leads to DoS

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

CVSS 7.1 · AI score 7.1 · EPSS 0.00004
Exploits 0 · References 1

Cvelist
added 2023/06/13 3:52 a.m. · 13 views

CVE-2023-2876 Session cookie exposure for client side script

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...

CVSS 3.1 · AI score 6.2 · EPSS 0.00251
Exploits 0 · References 1

Packet Storm
added 2022/10/17 12:0 a.m. · 655 views

Vicidial 2.14-783a Cross Site Scripting

Document Title: Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2311. Release Date: 2022-10-11. Vulnerability Laboratory ID (VL-ID): 23...

Exploits 0

CNNVD
added 2022/06/16 12:0 a.m. · 0 views

Online Tutor Portal Site cross-site scripting vulnerability

Online Tutor Portal Site is an online tutor portal. It is used to provide an online platform for individuals who are looking for and offering tutoring services. A cross-site scripting vulnerability exists in Online Tutor Portal Site version v1.0, which stems from a lack of filtering and escaping ...

CVSS 4.8 · AI score 5.6 · EPSS 0.00235
Exploits 1 · References 3

CNNVD
added 2022/06/08 12:0 a.m. · 6 views

WordPress Forms by Pie Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions prior to Forms by Pie Forms plugin 1.4.9.4, whi...

CVSS 4.8 · AI score 5.7 · EPSS 0.00206
Exploits 2 · References 2

CNNVD
added 2022/05/20 12:0 a.m. · 1 views

WordPress plugin MC4WP cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress MC4WP plugin 4.8.6 and earlier versions have a cross-site scripting vulnerability that can ...

CVSS 4.8 · AI score 5.7 · EPSS 0.00245
Exploits 0 · References 3