CVE-2023-25837 BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.

There is a Cross‑Site Scripting XSS vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser...

CVE-2023-25837 BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.

There is a Cross‑Site Scripting XSS vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser...

CVE-2023-25837

Esri ArcGIS Enterprise Sites (versions 10.9 and below) contain a Cross‑Site Scripting (XSS) vulnerability that can be triggered by a crafted link, potentially executing arbitrary JavaScript in a victim’s browser. The issue requires high‑privileged authenticated access and, if exploited, may expos...

CVE-2023-25836 BUG-000135364 XSS in 10.8.1 sites builder iframe source

There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required...

CVE-2023-25835 BUG-000153659 ArcGIS Enterprise Sites has a stored XSS vulnerability

There is a stored Cross‑Site Scripting XSS vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to create a crafted link that is persisted within the site configuration. When accessed by a victim, the...

CVE-2023-32664

A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to...

CVE-2023-2507

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them...

CVE-2023-2507

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them...

Code injection

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them...

CVE-2023-2507 CleverTap Cordova Plugin 2.6.2 - Reflected XSS

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them...

CVE-2023-37630

Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting XSS. An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS...

CVE-2023-37630

Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting XSS. An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS...

Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55710)

RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A cross-site scripting vulnerability exists in Siemens RUGGEDCOM ROX, which can be exploited by attackers to execute malicious javascript code by...

GHSA-5652-92R9-3FX9 Decidim Cross-site Scripting vulnerability in the processes filter

Impact The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...

Cross site scripting

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in...

CVE-2023-34089 Decidim Cross-site Scripting vulnerability in the processes filter

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code ...

CVE-2023-34089 Decidim Cross-site Scripting vulnerability in the processes filter

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code ...

CVE-2023-32693 Decidim Cross-site Scripting vulnerability in the external link redirections

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in...

CVE-2023-36386

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

CVE-2023-36390

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...