Amazon Linux 2023 : perl-Net-CIDR-Lite (ALAS2023-2026-1732)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1732 advisory. Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digi...

CVE-2025-59540

Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. The issue arises because feedback input in the exercise history page is...

Linux Distros Unpatched Vulnerability : CVE-2023-26302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as...

CVE-2020-6201

The SAP Commerce Testweb Extension, versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting...

PT-2024-7174 · Sap · Sap Commerce Backoffice

Name of the Vulnerable Software and Affected Versions: SAP Commerce Backoffice affected versions not specified Description: The issue is related to the lack of proper encoding of user-controlled inputs in the SAP Commerce Backoffice web application, leading to a Cross-Site Scripting XSS...

PT-2024-21239 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through the "/amssplus/modules/book/main/bookdetail khet person.php" API endpoint,...

PT-2024-22122 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions 7.89, 7.93 Description: The issue is related to Cross-Site Scripting XSS due to insufficient encoding of user-controlled inputs in applications based on SAP GUI for HTML. This allows a malicious attacker to...

PT-2023-32659 · Unknown · Bigprof Online Invoicing System

Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the "/invoicing/app/clients view.php"...

CVE-2023-33986

SAP CRM ABAP Grantor Management - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the applicatio...

CVE-2018-2365

SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...