132 matches found
NewType Infortech NUP Portal Access Control Error Vulnerability
NewType Infortech NUP Portal is a portal management and collaborative office software system from NewType Infortech Taiwan, China. An access control error vulnerability exists in NewType Infortech NUP Portal, which stems from a lack of authentication and could allow an unauthenticated remote...
CVE-2025-48208
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary...
CVE-2025-20235
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of...
CVE-2025-42985
Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim's browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality a...
CVE-2024-30880
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function...
CVE-2024-23188
Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the user's...
CVE-2024-55228
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2023-39711
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section...
CVE-2022-41205
SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...
CVE-2022-33043
A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file...
CVE-2020-19287
A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title...
CVE-2020-21930
A stored cross site scripting (XSS) vulnerability in the webattr2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML...
CVE-2020-36416
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module...
CVE-2025-0555
A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions...
CVE-2024-50705
Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter...
CVE-2025-26158
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter...
CVE-2024-57774
A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
PT-2025-14719
Name of the Vulnerable Software and Affected Versions: Yelp (affected versions not specified). Description: A flaw was found in Yelp, specifically in the Gnome user help application, which allows help documents to execute arbitrary scripts. This issue enables malicious users to input help documents th...
CVE-2024-54935
CVE-2024-54935 describes a Stored Cross-Site Scripting (XSS) in the Kashipara E-learning Management System v1.0. The vulnerability is in /send_message_teacher_to_student.php and is exploitable via the my_message parameter, enabling remote attackers to inject and execute arbitrary scripts. Impact ...
CVE-2024-6449
HyperView Geoportal Toolkit (versions