5056 matches found

Cvelist
added 2023/12/07 12:0 a.m. · 13 views

CVE-2023-48208

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...

AI score: 6.4 · EPSS: 0.00255
Exploits: 2 · References: 1

Vulnrichment
added 2023/12/07 12:0 a.m. · 8 views

CVE-2023-48208

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...

AI score: 6.5 · EPSS: 0.00255
Exploits: 2 · References: 1

Vulnrichment
added 2023/12/07 12:0 a.m. · 11 views

CVE-2023-48206

A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php...

AI score: 5.9 · EPSS: 0.00106
Exploits: 3 · References: 1

Cvelist
added 2023/12/07 12:0 a.m. · 10 views

CVE-2023-48172

A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...

AI score: 5.4 · EPSS: 0.00116
Exploits: 3 · References: 3

ATTACKERKB
added 2023/12/06 1:15 a.m. · 1 views

CVE-2023-28875

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...

CVSS: 5.4 · AI score: 6 · EPSS: 0.00071
Exploits: 1 · References: 3

Cvelist
added 2023/12/06 12:0 a.m. · 16 views

CVE-2023-28875

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...

AI score: 5.4 · EPSS: 0.00071
Exploits: 1 · References: 2

CVE
added 2023/12/06 12:0 a.m. · 40 views

CVE-2023-28875

CVE-2023-28875 concerns a stored XSS in FileRun’s shared files download terms, specifically affecting Filerun Update 20220202. The vulnerability is triggered when a user follows a crafted share link, allowing injected JavaScript code execution in the victim’s browser. Connected sources identify t...

CVSS: 5.4 · AI score: 5.2 · EPSS: 0.00071
Exploits: 1 · References: 2 · Affected Software: 1

Veracode
added 2023/12/04 10:17 a.m. · 10 views

Cross-site Scripting (XSS)

dpaste is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to improper lexer validation in views.py, which allows an attacker to inject and execute malicious JavaScript into the browser, resulting in XSS...

CVSS: 8.3 · AI score: 6.5 · EPSS: 0.00486
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/12/01 12:0 a.m. · 3 views

PT-2023-28212 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...

CVSS: 5.4 · AI score: 5.4 · EPSS: 0.00074
Exploits: 0 · References: 4

OSV
added 2023/11/28 1:15 p.m. · 1 views

CVE-2023-48042

Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00061
Exploits: 0 · References: 2

ATTACKERKB
added 2023/11/28 1:15 p.m. · 3 views

CVE-2023-48042

Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00061
Exploits: 0 · References: 4

Tenable Nessus
added 2023/11/28 12:0 a.m. · 40 views

Rocky Linux 8 : nodejs:20 (RLSA-2023:7205)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7205 advisory. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return ...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.944
Exploits: 19 · References: 13

Positive Technologies
added 2023/11/28 12:0 a.m. · 2 views

PT-2023-30677 · Prestashop · Prestashop Amazzing Filter

Name of the Vulnerable Software and Affected Versions: Prestashop Amazzing filter versions up to 3.2.5 Description: The issue allows remote attackers to inject arbitrary JavaScript code due to a Cross Site Scripting (XSS) vulnerability in the Search filters of Prestashop Amazzing filter...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00061
Exploits: 0 · References: 5

CNNVD
added 2023/11/28 12:0 a.m. · 1 views

Alumne LMS Cross-Site Scripting Vulnerability

Alumne LMS is an e-learning platform from Alumne LMS, Inc. A cross-site scripting vulnerability exists in Alumne LMS version 4.0.0.1.08, which stems from a lack of proper cleanup in the localidad field on the /users/editmy page, and can be exploited by an attacker to inject a custom JavaScript lo...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.00076
Exploits: 0 · References: 1

Positive Technologies
added 2023/11/27 12:0 a.m. · 4 views

PT-2023-30449 · Pachno · Pachno

Name of the Vulnerable Software and Affected Versions: Pachno version 1.0.6 Description: A vulnerability has been identified that allows an authenticated attacker to execute a cross-site scripting (XSS) attack. The issue exists due to inadequate input validation in the Project Description and...

CVSS: 5.4 · AI score: 5.4 · EPSS: 0.00126
Exploits: 0 · References: 4

CNNVD
added 2023/11/23 12:0 a.m. · 1 views

Artica Pandora FMS Cross-Site Scripting Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS versions 700 through 773, which is caused due to imprope...

CVSS: 8.4 · AI score: 6 · EPSS: 0.00153
Exploits: 0 · References: 1

ATTACKERKB
added 2023/11/22 4:15 p.m. · 2 views

CVE-2023-2438

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

CVSS: 6.1 · AI score: 6.8 · EPSS: 0.00183
Exploits: 0 · References: 3

OSV
added 2023/11/22 4:15 p.m. · 2 views

CVE-2023-2438

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

CVSS: 6.1 · AI score: 5.7
Exploits: 0 · References: 2

Prion
added 2023/11/22 4:15 p.m. · 12 views

Cross site request forgery (csrf)

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

CVSS: 5.8 · AI score: 6.6 · EPSS: 0.00183
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/11/22 3:33 p.m. · 17 views

CVE-2023-2438 UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.00183
Exploits: 0 · References: 2