4739 matches found
Cross-Site Scripting (XSS)
concrete5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the RSS displayer, which allows an attacker to inject arbitrary JavaScript code into the browser...
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the settings.js file, which allows an attacker to inject arbitrary JavaScript code into the browser...
Command injection
Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well...
FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
Exploit Title: FusionInvoice 2023-1.0 - Stored XSS Cross-Site Scripting Date: 2023-05-24 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.squarepiginteractive.com Software Link: https://www.fusioninvoice.com/store Version: 2023-1.0 Tested on: Latest Version of Desktop Web Browsers...
CVE-2023-31779
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on a kanban board can insert JavaScript code in the "Reaction to comment" feature...
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the save grid option, which allows an attacker to inject arbitrary JavaScript code into the browser...
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the Edit parameter of the Find & Order feature, which allows an attacker to inject arbitrary JavaScript code into a browser...
PT-2023-23458 · Wekan · Wekan
Name of the Vulnerable Software and Affected Versions: Wekan versions 6.84 and earlier Description: The issue allows an attacker with user privilege on a kanban board to insert JavaScript code in the "Reaction to comment" feature, leading to Cross Site Scripting (XSS). Recommendations: For Wekan...
CVE-2023-31779
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on a kanban board can insert JavaScript code in the "Reaction to comment" feature...
CVE-2023-28529 IBM InfoSphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the Name field of the WebsiteSetting.php, which allows an attacker to inject arbitrary JavaScript code into a victim's browser, potentially leading to the theft of user...
CVE-2021-39036 IBM Cognos Analytics cross-site scripting
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966...
Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations
Impact: Execute JavaScript code on victim browsers and potentially steal cookies to take over their account. Patches: Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch Workarounds: Apply patches manually:...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2023-37159)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
Cross site scripting
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2023-25831
CVE-2023-25831 is a reflected XSS in Esri Portal for ArcGIS. Affects Portal for ArcGIS versions 10.7.1 through 10.9.1 (per PT-2023-20337 and NVD/NVD-derived entries). The vulnerability arises when a crafted link could cause arbitrary JavaScript execution in a victim’s browser. The core issue is a...
CVE-2023-25831 BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS.
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2023-25830
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
Cross site scripting
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
K000134507: jQuery UI vulnerability CVE-2022-31160
Security Advisory Description jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes...