Reflected XSS via "stuffid" parameter

Description The value for the stuffid parameter is reflected in the web context without proper filtering in place resulting in possibility to execute malicious javascript code. Testing Environment 1. Windows OS 2. Firefox Browser Proof of Concept 1. Visit...

FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS

FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual cameras that provides continuous temperature monitoring and alarming for critical electrical and mechanical equipment. Affected products: All FLIR AX8 thermal...

Cross site scripting

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting XSS due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the...

CVE-2022-37063

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting XSS due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the...

Cross site scripting

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

CVE-2022-38189

CVE-2022-38189 applies to Esri Portal for ArcGIS and describes a stored Cross Site Scripting (XSS) vulnerability where a remote, authenticated attacker can pass and store malicious strings via crafted queries, potentially causing arbitrary JavaScript execution in a user’s browser when the data is...

Cross site scripting

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

CVE-2022-38192

CVE-2022-38192 describes a stored XSS in Esri Portal for ArcGIS. A remote, authenticated attacker can inject malicious strings via crafted queries, which may execute arbitrary JavaScript in a user’s browser when the targeted content is viewed. The vulnerability is linked to the Portal for ArcGIS ...

PT-2022-10857 · Ibm · Ibm Sterling B2B Integrator Standard Edition

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.3.5 IBM Sterling B2B Integrator Standard Edition versions 6.1.0.0 through 6.1.0.4 IBM Sterling B2B Integrator Standard Edition versions 6.1.1.0 through 6.1.1.1...

CVE-2022-38188

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

CVE-2022-38186

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

Cross site scripting

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

Cross site scripting

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

CVE-2022-38188

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

CVE-2022-38186

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

CVE-2022-38186

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

Cross site scripting

Authenticated stored cross-site scripting XSS vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload...

CKEditor < 4.16.2 XSS Vulnerability - Windows

CKEditor is prone to a cross-site scripting XSS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

CVE-2022-34768

insert HTML / js code inside input how to get to the vulnerable input : Workers worker nickname inject in this input the code...

CVE-2022-31663

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting XSS vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window...