5810 matches found
CVE-2023-51464
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
SUSE CVE-2023-40577
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...
GHSA-GHJV-MH6X-7Q6H avo vulnerable to stored cross-site scripting (XSS) in key_value field
Summary A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. Details The value of the keyvalue is inserted directly into the HTML code. In the current...
Cross site scripting
An unauthenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...
CVE-2023-49258 Reflected cross-site scripting vulnerability
User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminaltool.cgi" in the "data" parameter...
CVE-2023-48728
A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2023-48730
A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...
CVE-2023-47861
A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2023-47861
A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2023-48730
A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...
CVE-2023-48728
A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
Cross site scripting
A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
Cross site scripting
A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
Cross site scripting
A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...
CVE-2023-48730
Affected product: WWBN AVideo (dev master commit 15fed957fb). Vulnerability: Stored cross-site scripting (XSS) in navbarMenuAndLogo.php user name rendering due to improper sanitization. The user name is echoed into the navbar and can execute JavaScript when the page is loaded. Exploitation requir...
CVE-2023-48730
A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...
CVE-2023-48730
A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...
CVE-2023-47861
A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2023-48728
WWBN AVideo 11.6 (and dev master commit 3c6bb3ff) is affected by a reflected cross-site scripting (XSS) vulnerability in the function getOpenGraph videoName parameter. The issue arises from missing sanitization of the videoName input displayed on the OpenGraph page, enabling arbitrary JavaScript ...
CVE-2023-47861
A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...