208 matches found
CVE-2025-20211
CVE-2025-20211 describes a cross-site scripting vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform. The flaw arises from improper validation of user-supplied input, enabling an unauthenticated, remote attacker to persuade a user to click a crafte...
CVE-2025-0511
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-55488
A stored cross-site scripting XSS vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed...
CVE-2024-10108
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advertsadd shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
KLA79484 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code, obtain sensitive information, cause denial of service, perform cross-site scripting attack. Below is a...
KLA79485 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, spoof user interface, obtain sensitive information, cause denial of service, perform cross-site scripting attack. Below is a...
CVE-2025-0559
A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site...
About the security content of visionOS2.1.1
About the security content of visionOS2.1.1 This document describes the security content of visionOS 2.1.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
CVE-2024-47765 Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting XSS attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of...
About the security content of Safari 17.6
About the security content of Safari 17.6 This document describes the security content of Safari 17.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
CVE-2024-2375 WPQA < 6.1.1 - Contributor+ Stored XSS
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-36413 SuiteCRM authenticated Reflected Cross-Site Scripting
SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2023-38551
A CRLF Injection vulnerability in Ivanti Connect Secure 9.x, 22.x allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack...
MGASA-2024-0199 Updated python-jinja2 packages fix security vulnerabilities
It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting XSS attack...
Ivanti Connect Secure 9.x / 22.x XSS Vulnerability
The Ivanti Connect Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victimâs browser, thereby leading to cross-site scripting attack. Note that...
PT-2024-24178 · Unknown · Cosmetics/Beauty Product Online Store
Name of the Vulnerable Software and Affected Versions: Cosmetics and Beauty Product Online Store version 1.0 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. This enables attackers to...
PT-2024-25790 · Unknown · Puneethreddyhc Event Management
Name of the Vulnerable Software and Affected Versions: PuneethReddyHC Event Management version 1.0 Description: A problematic vulnerability has been found in the software. The issue affects an unknown function of the file /backend/register.php. The manipulation of the arguments event id, full nam...
CVE-2023-5986
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login i...
CVE-2023-44315
A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting XSS attack that may lead to...
CVE-2023-32445
This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack...