5803 matches found

Vulnrichment
added 2023/05/31 12:00 a.m. · 10 views

CVE-2023-33287

A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables...

5.8 AI score · 0.00385 EPSS
Exploits: 0 · References: 3

Huntr
added 2023/05/30 3:24 a.m. · 9 views

Stored XSS in End page

Description: Allows a user who only has the authority to create surveys (not the administrator) to bypass validation and embed javascript schemes when creating surveys. Steps to reproduce: Login as administrator. 1. Open User management and create a user with create surveys only permissions. 1. Logout...

6.9 AI score
Exploits: 0

Positive Technologies
added 2023/05/30 12:00 a.m. · 3 views

PT-2023-24603 · Jstachio · Jstachio

Name of the Vulnerable Software and Affected Versions: JStachio versions prior to 1.0.1. Description: JStachio fails to escape single quotes (') in HTML, allowing an attacker to inject malicious code. This can be exploited to execute arbitrary JavaScript code in the context of other users visiting...

6.1 CVSS · 6.4 AI score · 0.01023 EPSS
Exploits: 1 · References: 10

Vulnrichment
added 2023/05/30 12:00 a.m. · 9 views

CVE-2023-28350

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged...

6.5 AI score · 0.01341 EPSS
Exploits: 1 · References: 2

NVD
added 2023/05/27 4:15 a.m. · 15 views

CVE-2023-32686

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

8.1 CVSS · 8 AI score · 0.01095 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2023/05/26 10:15 p.m. · 2 views

CVE-2023-21515

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

8.8 CVSS · 7.3 AI score · 0.00244 EPSS
Exploits: 0 · References: 2

Prion
added 2023/05/26 10:15 p.m. · 20 views

Design/Logic Flaw

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

6.8 CVSS · 8.7 AI score · 0.00244 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/05/26 12:00 a.m. · 8 views

CVE-2023-21515

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

7.5 CVSS · 7.9 AI score · 0.00244 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2023/05/26 12:00 a.m. · 7 views

CVE-2023-21516

XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

7.5 CVSS · 7.8 AI score · 0.00458 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/05/26 12:00 a.m. · 4 views

PT-2023-24249 · Unknown · Papaya Viewer

Name of the Vulnerable Software and Affected Versions: Papaya Viewer version 1.0.1449. Description: An issue was discovered where user-supplied input in the form of DICOM or NIFTI images can be loaded into the Papaya web application without sanitization. This allows the injection of arbitrary...

6.1 CVSS · 7.4 AI score · 0.01267 EPSS
Exploits: 2 · References: 8

NVD
added 2023/05/25 7:15 a.m. · 23 views

CVE-2022-46907

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later...

6.1 CVSS · 6.1 AI score · 0.03318 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/05/25 12:00 a.m. · 3 views

PT-2023-15104 · Apache · Apache Jspwiki

Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions prior to 2.12.0. Description: A carefully crafted request on several JSPWiki plugins could trigger an issue that allows the attacker to execute javascript in the victim's browser and get some sensitive information about...

6.1 CVSS · 6 AI score · 0.03318 EPSS
Exploits: 0 · References: 16

Vulnrichment
added 2023/05/24 12:00 a.m. · 10 views

CVE-2022-42225

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...

5.7 AI score · 0.00419 EPSS
Exploits: 1 · References: 5

OSV
added 2023/05/22 7:39 p.m. · 36 views

GHSA-X7C2-7WVG-JPX7 kiwitcms vulnerable to stored XSS via unrestricted files upload

Impact: Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded, see GHSA-fwcf-753v-fgcj and Content-Security-Policy definition to prevent...

5.4 CVSS · 6.6 AI score · 0.01095 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2023/05/22 12:00 a.m. · 4 views

PT-2023-23961 · Kiwi Tcms · Kiwi Tcms

Name of the Vulnerable Software and Affected Versions: Kiwi TCMS versions prior to 12.3. Description: The issue arises from insufficient upload validation checks in Kiwi TCMS, allowing an attacker to upload potentially dangerous files. These files can be combined to circumvent the existing...

8.1 CVSS · 6.2 AI score · 0.01095 EPSS
Exploits: 0 · References: 8

NVD
added 2023/05/21 8:15 p.m. · 8 views

CVE-2021-46888

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...

5.4 CVSS · 5.2 AI score · 0.0231 EPSS
Exploits: 1 · References: 4

OSV
added 2023/05/21 8:15 p.m. · 9 views

CVE-2021-46888

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...

5.4 CVSS · 5.7 AI score
Exploits: 0 · References: 4

Prion
added 2023/05/21 8:15 p.m. · 8 views

Cross site scripting

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...

4.9 CVSS · 5.3 AI score · 0.0231 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2023/05/21 12:00 a.m. · 5 views

CVE-2021-46888

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...

5.2 AI score · 0.0231 EPSS
Exploits: 1 · References: 4

CNNVD
added 2023/05/21 12:00 a.m. · 1 view

hledger cross-site scripting vulnerability

hledger is a powerful, fast and intuitive open source plain text accounting tool from HLEDGER, with CLI, TUI and Web interfaces. A security vulnerability exists in hledger versions prior to 1.23 that stems from a problem in toBloodhoundJson that allows an attacker to execute JavaScript by encoding...

5.4 CVSS · 5.8 AI score · 0.0231 EPSS
Exploits: 1 · References: 5