4739 matches found

Cvelist
added 2023/07/31 12:0 a.m. | 18 views

CVE-2023-38309

An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's...

AI score 6.2 | EPSS 0.0062
Exploits: 1 | References: 2

Cvelist
added 2023/07/31 12:0 a.m. | 40 views

CVE-2023-38308

An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitra...

AI score 6.1 | EPSS 0.00615
Exploits: 1 | References: 2

0day.today
added 2023/07/28 12:0 a.m. | 230 views

copyparty v1.8.6 - Reflected Cross Site Scripting Vulnerability

Exploit Title: copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
Exploit Author: Vartamtezidis Theodoros @TheHackyDog
Vendor Homepage: https://github.com/9001/copyparty/
Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.6
Version: =1.8.6
Tested on: Debian Linux
CVE :...

CVSS 6.3 | AI score 7.1 | EPSS 0.06195
Exploits: 3

CNVD
added 2023/07/27 12:0 a.m. | 7 views

Esri ArcGIS Enterprise Cross-Site Scripting Vulnerability

Esri ArcGIS Enterprise is Esri's foundational GIS (geographic information system) software suite. A cross-site scripting vulnerability exists in Esri ArcGIS Enterprise that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by...

CVSS 8.4 | AI score 6.3 | EPSS 0.00873
Exploits: 0 | References: 1

NVD
added 2023/07/26 8:15 p.m. | 16 views

CVE-2023-31466

An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration - Compliance - Add a new compliance report" and "Configuration - Timekeeper Configuration - Add a new source there" screens, there are entry points to inject JavaScript code...

CVSS 5.4 | AI score 5.2 | EPSS 0.00424
Exploits: 1 | References: 2

Prion
added 2023/07/26 8:15 p.m. | 18 views

Cross site scripting

An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration - Compliance - Add a new compliance report" and "Configuration - Timekeeper Configuration - Add a new source there" screens, there are entry points to inject JavaScript code...

CVSS 4.9 | AI score 5.2 | EPSS 0.00424
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2023/07/26 12:0 a.m. | 13 views

CVE-2023-31466

An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration - Compliance - Add a new compliance report" and "Configuration - Timekeeper Configuration - Add a new source there" screens, there are entry points to inject JavaScript code...

AI score 5.4 | EPSS 0.00424
Exploits: 1 | References: 2

Github Security Blog
added 2023/07/25 5:49 p.m. | 33 views

copyparty vulnerable to reflected cross-site scripting via k304 parameter

Summary: The application contains a reflected cross-site scripting via URL-parameter ?k304=... and ?setck=...
Details: A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the application that could allow an attacker to execute malicious JavaScript code by tricking user...

CVSS 6.3 | AI score 6.1 | EPSS 0.06195
Exploits: 3 | References: 7 | Affected Software: 1

NVD
added 2023/07/24 2:15 p.m. | 17 views

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

CVSS 5.4 | AI score 5.5 | EPSS 0.00389
Exploits: 1 | References: 2

NVD
added 2023/07/24 2:15 p.m. | 15 views

CVE-2022-28865

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...

CVSS 5.4 | AI score 5.5 | EPSS 0.00389
Exploits: 1 | References: 2

Prion
added 2023/07/24 2:15 p.m. | 16 views

Design/Logic Flaw

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...

CVSS 4.9 | AI score 5.5 | EPSS 0.00389
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2023/07/24 2:15 p.m. | 14 views

Hardcoded credentials

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

CVSS 4.9 | AI score 5.5 | EPSS 0.00389
Exploits: 1 | References: 2 | Affected Software: 1

UbuntuCve
added 2023/07/24 9:15 a.m. | 31 views

CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject JavaScript code in free text answers. This allows a cross-site scripting attack while reading the replies as an authenticated agent. This issue affects...

CVSS 5.4 | AI score 5.7 | EPSS 0.0033
Exploits: 0 | References: 1

Prion
added 2023/07/24 9:15 a.m. | 22 views

Cross site scripting

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject JavaScript code in free text answers. This allows a cross-site scripting attack while reading the replies as an authenticated agent. This issue affects...

CVSS 4.9 | AI score 5.3 | EPSS 0.0033
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/07/24 12:0 a.m. | 12 views

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

AI score 6.6 | EPSS 0.00389
Exploits: 1 | References: 2

CVE
added 2023/07/24 12:0 a.m. | 56 views

CVE-2022-28867

CVE-2022-28867 affects Nokia NetAct 22 in the Administration of Measurements web UI. A malicious user can edit or add the templateName parameter to inject JavaScript, which is then stored and executed in the victim’s browser. Endpoints involved: /aom/html/EditTemplate.jsf and /aom/html/ViewAllTem...

CVSS 5.4 | AI score 5.4 | EPSS 0.00389
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/07/24 12:0 a.m. | 15 views

CVE-2022-28865

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...

AI score 6.6 | EPSS 0.00389
Exploits: 1 | References: 2

NVD
added 2023/07/21 7:15 p.m. | 24 views

CVE-2023-25841

There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

CVSS 6.1 | AI score 6.3 | EPSS 0.00516
Exploits: 0 | References: 1

NVD
added 2023/07/21 4:15 a.m. | 14 views

CVE-2023-25837

There is a Cross-Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser...

CVSS 8.4 | AI score 8.2 | EPSS 0.00873
Exploits: 0 | References: 1

NVD
added 2023/07/21 4:15 a.m. | 12 views

CVE-2023-25836

There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required...

CVSS 5.4 | AI score 5.5 | EPSS 0.00355
Exploits: 0 | References: 1