
1007 matches found

Veracode
added 2023/11/22 9:56 a.m. | 28 views

Cross Site Scripting (XSS)

nextcloud/text is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by a lack of HTML sanitization in the clipboardTextParser method. The HTML code will get executed if a user copies and pastes HTML code without markup...

5.4 CVSS | 6.6 AI score | 0.00386 EPSS
Exploits 0 | References 4 | Affected Software 1
Prion
added 2023/11/21 10:15 p.m. | 15 views

Code injection

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the...

4.9 CVSS | 7 AI score | 0.00386 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2023/11/14 6:15 a.m. | 11 views

CVE-2023-45881

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resourcesaddQuickajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response...

6.1 CVSS | 6.6 AI score
Exploits 0 | References 1
Prion
added 2023/11/14 6:15 a.m. | 7 views

Unrestricted file upload

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resourcesaddQuickajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response...

5.8 CVSS | 6.9 AI score | 0.00259 EPSS
Exploits 1 | References 1 | Affected Software 1
CVE
added 2023/11/14 12:00 a.m. | 22 views

CVE-2023-45881

GibbonEdu Gibbon

6.1 CVSS | 6.2 AI score | 0.00259 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2023/11/14 12:00 a.m. | 9 views

CVE-2023-45881

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resourcesaddQuickajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response...

6.4 AI score | 0.00259 EPSS
Exploits 1 | References 1
OSV
added 2023/10/25 4:53 p.m. | 29 views

CVE-2023-37908 org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...

9 CVSS | 8.6 AI score | 0.01458 EPSS
Exploits 1 | References 6
Cvelist
added 2023/10/25 4:53 p.m. | 31 views

CVE-2023-37908 org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...

9 CVSS | 9.2 AI score | 0.01458 EPSS
Exploits 1 | References 4
NVD
added 2023/10/17 5:15 a.m. | 13 views

CVE-2023-45358

Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users...

8.5 CVSS | 7.5 AI score | 0.00194 EPSS
Exploits 0 | References 1
NVD
added 2023/10/16 10:15 p.m. | 12 views

CVE-2023-45540

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...

6.5 CVSS | 6.7 AI score | 0.00119 EPSS
Exploits 1 | References 1
Prion
added 2023/10/16 10:15 p.m. | 12 views

Code injection

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...

6.4 CVSS | 6.7 AI score | 0.00119 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2023/10/16 12:00 a.m. | 15 views

CVE-2023-45540

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...

6.9 AI score | 0.00119 EPSS
Exploits 1 | References 1
Vulnrichment
added 2023/10/16 12:00 a.m. | 14 views

CVE-2023-45540

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...

7.4 AI score | 0.00119 EPSS
Exploits 1 | References 1
CNVD
added 2023/10/07 12:00 a.m. | 23 views

IBM FileNet Content Manager Web UI Cross-Site Scripting Vulnerability

IBM FileNet Content Manager is a flexible and full-featured content management solution. A cross-site scripting vulnerability exists in the IBM FileNet Content Manager Web UI, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain sensitive...

5.4 CVSS | 5.8 AI score | 0.00135 EPSS
Exploits 0 | References 1
Packet Storm
added 2023/09/21 12:00 a.m. | 358 views

Luxcal Event Calendar 3.2.3 Cross Site Request Forgery

Title: Luxcal Event Calendar v3.2.3 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit...

7.1 AI score
Exploits 0
NVD
added 2023/09/14 4:15 p.m. | 5 views

CVE-2023-42180

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file...

8.8 CVSS | 8.7 AI score | 0.00091 EPSS
Exploits 1 | References 1
ATTACKERKB
added 2023/09/14 4:15 p.m. | 1 views

CVE-2023-42180

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file...

8.8 CVSS | 6 AI score | 0.00091 EPSS
Exploits 1 | References 2
Prion
added 2023/09/14 4:15 p.m. | 10 views

Privilege escalation

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file...

6.5 CVSS | 8.6 AI score | 0.00091 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2023/09/14 12:00 a.m. | 7 views

CVE-2023-42180

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file...

8.8 AI score | 0.00091 EPSS
Exploits 1 | References 1
Positive Technologies
added 2023/09/14 12:00 a.m. | 3 views

PT-2023-28287 · Lenosp · Lenosp

Name of the Vulnerable Software and Affected Versions: lenosp versions 1.0 through 1.2.0 Description: The issue allows attackers to execute HTML code via a crafted JPG file. This is achieved through an arbitrary file upload vulnerability in the /user/upload component. Recommendations: For version...

8.8 CVSS | 8.5 AI score | 0.00091 EPSS
Exploits 1 | References 3