248 matches found
CVE-2023-48573
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2023-30148
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...
CVE-2023-2303
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin...
CVE-2023-0446
The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Simple Client Management System Cross-Site Scripting Vulnerability
Simple Client Management System is a client management system by Carlo Montero, an individual developer. A security vulnerability exists in Simple Client Management System (SCMS) version 1.0, which stems from a stored cross-site scripting (XSS) vulnerability that could allow a remote attacker to...
PT-2022-25476 · Bookstack · Bookstack
Name of the Vulnerable Software and Affected Versions: BookStack versions prior to v22.09 Description: A cross-site scripting issue allows a remote authenticated attacker to inject an arbitrary script. Recommendations: For versions prior to v22.09, update to version v22.09 or later to resolve the...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. A cross-site scripting vulnerability exists in Adobe Experience Manager, which can be exploited by remote attackers to injec...
GHSA-826F-32QM-VM3J Jenkins vulnerable to Cross-site Scripting
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors...
Elecom LAN Cross-Site Scripting Vulnerability
Elecom LAN routers are routers from the Japanese company Elecom. A cross-site scripting vulnerability exists in Elecom LAN routers, which can be exploited by an attacker to inject arbitrary script via an unspecified vector...
XWiki Platform Cross-Site Scripting Vulnerability
XWiki Platform is a wiki platform for creating web collaboration applications from the French company XWiki. XWiki Platform has a cross-site scripting vulnerability that can be exploited by attackers to persistently inject scripts...
PT-2020-13934 · Salesagility · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM version 7.11.13 Description: The issue is related to stored Cross-Site Scripting (XSS) in the Documents preview functionality. This could allow remote authenticated attackers to inject arbitrary web script or HTML. Recommendations: For...
CVE-2020-1482
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
CVE-2020-1573
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
PT-2020-3725 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified) Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint...
CVE-2020-6535
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...
CVE-2020-6470
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents...
CVE-2020-5570
Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
PT-2020-2205 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified), Microsoft SharePoint Foundation (affected versions not specified), Microsoft SharePoint Enterprise Server (affected versions not specified) Description: A cross-site scripting issue exist...
Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-10479)
Microsoft SharePoint Enterprise Server is an enterprise business collaboration platform. A cross-site scripting vulnerability exists in Microsoft SharePoint Enterprise Server, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain sensitive...
CVE-2019-1033
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...