185 matches found
CVE-2024-30214
The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side...
CVE-2024-23187
Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the user's account. Exploiting the vulnerability requires user interaction. Please...
CVE-2024-23186
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer...
CVE-2023-48254
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...
CVE-2019-6835
A Cross-Site Scripting XSS CWE-79 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to inject...
CVE-2025-46749 Improper Neutralization of Input
An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...
Schweitzer Engineering Laboratories Multiple Products Security Vulnerability
Schweitzer Engineering Laboratories SEL-5033 acSELerator RTAC Software and more are products of Schweitzer Engineering Laboratories, Inc. of the U.S.A. Schweitzer Engineering Laboratories SEL-5033 acSELerator RTAC Software is a graphical, easy-to-use tool that helps users quickly and easily...
CVE-2024-30145
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications...
CVE-2024-30115
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget...
CVE-2022-42450
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications...
CVE-2024-30145 HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications...
CVE-2024-30115 HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget...
CVE-2024-30115
CVE-2024-30115 affects HCL Leap (and related Domino Leap) with an insufficient sanitization policy that allows client-side script injection through the HTML widget. Concrete details across sources indicate an XSS risk, but the available documents do not specify affected versions or a confirmed ex...
CVE-2022-42450 HCL Domino Volt is affected by Cross-site scripting (XSS)
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications...
CVE-2022-42450
CVE-2022-42450 concerns HCL Domino Volt. The issue is improper sanitization of SVG files in deployed Domino Volt applications, enabling client-side script injection (XSS) via SVG content. Documents specify CVSS base scores (NVD: 5.4/ MEDIUM; with UI:R, S:C, etc.; user interaction required) but do...