1007 matches found
CVE-2023-42180
An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute HTML code via a crafted JPG file...
TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage | Date: 2023-08-09 | Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia | Vendor Homepage: https://tsplus.net/ | Version: Up to 16.0.0.0 | Tested on: Windows | CVE: CVE-2023-31069 | With TSPlus Remote Work v. 16.0.0.0 you ca...
Wchat 1.6 HTML Injection
Title: Wchat v1.6 - Fully Responsive PHP AJAX Chat Script Html code inject Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / brows...
Datoo Complete Dating Script 1.0 HTML Injection
Title: Datoo - Complete Dating Script v1.0 HTML Inject Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Cross-site Scripting (XSS)
GitLab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of sanitization of user input, allowing an attacker to inject and execute malicious JavaScript by abusing the generation of the HTML code related to emojis...
CMSUsina 2.2.3 Cross Site Request Forgery
Title: CMSUsina V2.2.3 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.3 32-bit | ...
XLAgenda 4.4 Cross Site Request Forgery
Title: XLAgenda v4.4 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 65.0 32-bit | Vendor: ...
Semrush: Lack of sanitization of the billing address in pdf invoice
A vulnerability in the invoice PDF generation allowed HTML code injection due to insufficient sanitization of billing address data. An internal review found no evidence of exploitation...
Grid Kit Premium < 2.2.0 - Multiple Reflected Cross-Site Scripting
The plugin does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open one of the URLs below...
Allhandsmarketing LMS 2.0 Cross Site Request Forgery
Title: Allhandsmarketing LMS v2.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.0 32-bit | ...
CVE-2023-34464 XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of...
CVE-2023-23956
A user can supply malicious HTML and JavaScript code that will be executed in the client browser...
Trend Micro Apex Central Cross-Site Scripting Vulnerability (CNVD-2023-57662)
Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...
Conditional Menus < 1.2.1 - Reflected XSS
The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open a page with the HTML code below '...
Conditional Menus < 1.2.1 - Reflected XSS
The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: Make a logged-in admin open a page with the HTML code below...
SAP Business Planning and Consolidation Cross-Site Scripting Vulnerability (CNVD-2023-40159)
SAP Business Planning and Consolidation is a business planning and consolidation software from SAP, Germany that provides budgeting, forecasting, and financial consolidation capabilities. A cross-site scripting vulnerability exists in SAP Business Planning and Consolidation, which can be exploite...
Rocket.Chat Search Messages Cross-Site Scripting Vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat Search Messages suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack a user's session when...
Rockwell Automation ArmorStart ST Cross-Site Scripting Vulnerability (CNVD-2023-44288)
Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. The Rockwell Automation ArmorStart ST suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script or HTM...
SAP BusinessObjects Platform Cross-Site Scripting Vulnerability
SAP BusinessObjects Platform is a centralized suite for data reporting, visualization, and sharing from SAP, Germany. A cross-site scripting vulnerability exists in SAP BusinessObjects Platform, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to...
Cross-Site Scripting (XSS)
org.xwiki.commons:xwiki-commons-xml is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape arbitrary HTML code before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...