191 matches found
CVE-2023-40460 Improper input leads to DoS
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...
CVE-2023-2876 Session cookie exposure for client side script
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting XSS. This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...
Vicidial 2.14-783a Cross Site Scripting
Document Title: Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2311. Release Date: 2022-10-11. Vulnerability Laboratory ID (VL-ID): 23...
Online Tutor Portal Site Cross-Site Scripting Vulnerability
Online Tutor Portal Site is an online tutor portal. It is used to provide an online platform for individuals who are looking for and offering tutoring services. A cross-site scripting vulnerability exists in Online Tutor Portal Site version v1.0, which stems from a lack of filtering and escaping ...
WordPress Forms by Pie Forms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the Forms by Pie Forms plugin prior to 1.4.9.4, whi...
WordPress plugin MC4WP Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress MC4WP plugin 4.8.6 and earlier versions have a cross-site scripting vulnerability that can ...
GHSA-WVMQ-W7M8-G9XM Insecure cookie storage in Apache Atlas
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script...
Insecure cookie storage in Apache Atlas
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script...
WordPress plugin LifterLMS PayPal Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress LifterLMS PayPal plugin...
Microweber Cross-Site Scripting Vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in Microweber, which stems from the program's lack of checksum filtering of...
ArchivistaBox webclient Cross-Site Scripting Vulnerability
ArchivistaBox webclient is a personal file management system from the Swiss company Archivista. A cross-site scripting vulnerability exists in ArchivistaBox webclient versions prior to 2022/I, which stems from the program's lack of data validation filtering of user-supplied data and output. An...
WordPress plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of the WordPress Simple Download Monitor plugin prior to 3.9.11, which stems fr...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. The .htaccess Redirect plugin is a WordPress open source application plugin. The WordPress .htaccess Redirect...
Airangel Hsmx Gateway Cross-Site Scripting Vulnerability
Airangel Hsmx Gateway is a platform from Airangel UK. It is used to manage authentication and billing in the network. A cross-site scripting vulnerability exists in versions of Airangel Hsmx Gateway prior to 5.2.04, which stems from a lack of data validation filtering of user-supplied data and...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. Translate WordPress-Google Language Translator prior to version 6.0.12 suffers from a cross-site scripting vulnerability, which...
GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Exploit Author: Abhishek Joshi Date: March 25, 2021 Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download Software Link:...
CVE-2019-6835
A Cross-Site Scripting XSS CWE-79 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to inject...
CVE-2019-16187
Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script...