4739 matches found
Cross-site Scripting (XSS)
phpMyFAQ is vulnerable to Cross-site Scripting XSS. The vulnerability is due to inadequate input validation of the "news" parameter in a POST request, allowing an attacker to inject malicious JavaScript code. Upon visiting the compromised news page, the XSS payload is triggered...
CVE-2024-23727
The YI Smart Kami Vision com.kamivision.yismart application through 1.0.020231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...
CVE-2024-23727
CVE-2024-23727 affects the YI Smart Kami Vision (com.kamivision.yismart) Android app via version 1.0.0_20231219. The vulnerability stems from allowing an implicit Android intent to WebViewActivity to execute arbitrary JavaScript code, enabling a remote attacker to run JS on the device with no us...
CVE-2024-28784
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893...
CVE-2024-28106 phpMyFAQ Stored XSS at FAQ News Content
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...
CVE-2024-28434
The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code...
CVE-2024-28434
The CVE affects the Twenty CRM platform (version 0.3.0). It describes a stored cross-site scripting vulnerability triggered by uploading a crafted SVG file, which can lead to JavaScript execution in affected deployments. All connected sources consistently report the same flaw and vulnerable versi...
CVE-2022-32754 IBM Security Verify Directory cross-site scripting
IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445...
CVE-2024-2726
Stored Cross-Site Scripting Stored-XSS vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration...
CVE-2024-2726 Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system
Stored Cross-Site Scripting Stored-XSS vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration...
IBM Sterling Secure Proxy Cross-Site Scripting Vulnerability
IBM Sterling Secure Proxy is an application proxy from International Business Machines IBM that is used to ensure the secure transfer of files in an organization's unprotected zone DMZ. A cross-site scripting vulnerability exists in IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0. An attacker...
IBM Sterling Secure Proxy Cross-Site Scripting Vulnerability (CNVD-2024-15368)
IBM Sterling Secure Proxy is an application proxy from International Business Machines IBM that is used to ensure the secure transfer of files in an organization's unprotected zone DMZ. A cross-site scripting vulnerability exists in IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0, which stems...
CVE-2024-28237 OctoPrint XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...
PT-2024-3278 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.13 Description: The issue is related to improper input neutralization during web page creation, allowing a remote attacker to conduct a cross-site scripting XSS attack. A user with rights to create and share...
Financials By Coda Cross Site Scripting
Vulnerability type: Cross-site Scripting Vendor: https://www.unit4.com/ Product: Financials by Coda Product site: https://www.unit4.com/fr/products/financial-management-software Affected version: HTTP/2 Host: TIMELINE – 30/10/2023: Vulnerability found – 02/11/2023: Vendor informed – 05/12/2023:...
CVE-2024-22397
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code...
Cross site scripting
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2023-28517 IBM Sterling Partner Engagement Manager cross-site scripting
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Cross site scripting
Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting XSS attack in the name attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code wi...
CVE-2024-28112 Cross site scripting on router page in Peering Manager
Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting XSS attack in the name attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code wi...