Cross site scripting

A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later...

CVE-2023-43057

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484...

CVE-2023-43057 IBM QRadar SIEM cross-site scripting

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484...

Cross-Site Scripting(XSS)

bootbox is vulnerable to Cross Site Scripting XSS. The vulnerability is due to lack of sanitization of user input in dialog boxes. This allows an attacker to inject arbitrary Javascript code...

Fedora 39 : ckeditor (2023-426b3a500d)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-426b3a500d advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...

openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2023:0345-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0345-1 advisory. - Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of...

CVE-2023-1717

Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/leftvertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege...

CVE-2023-1719

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to 1 enumerate attachments on the server and 2 execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...

CVE-2023-1719

CVE-2023-1719 affects Bitrix24 22.0.300 and is caused by overwriting uninitialised variables in bitrix/modules/main/tools.php. This enables unauthenticated attackers to enumerate server attachments, inject arbitrary JavaScript in victims’ browsers, and potentially execute arbitrary PHP code on th...

CVE-2023-1719 Bitrix24 Insecure Global Variable Extraction

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to 1 enumerate attachments on the server and 2 execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...

Cross site scripting

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2023-38722 IBM Sterling Partner Engagement Manager cross-site scripting

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2023:4132-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4132-1 advisory. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the...

CVE-2023-5631 Stored XSS vulnerability in Roundcube

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

CVE-2023-45358

Archer Platform 6.x before 6.13 P2 HF2 6.13.0.2.2 contains a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users...

Cross site scripting

Archer Platform 6.x before 6.13 P2 HF2 6.13.0.2.2 contains a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users...

CVE-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module...

CVE-2023-5421

An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was...

CVE-2023-5421 Possible XSS execution in customer information

An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was...

CVE-2023-40367 IBM QRadar SIEM cross-site scripting

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376...