5055 matches found
Cross Site Scripting (XSS)
OpenCRX is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization and validation via the Activity Milestone Name Field. This can be exploited by the attacker to inject malicious JavaScript into the application...
Cross Site Scripting (XSS)
OpenCRX is vulnerable to Cross Site Scripting. The vulnerability is due to improper input sanitization and validation via the Activity Search Criteria Activity Number. This can be exploited by the attacker to inject malicious JavaScript into the application...
Cross-Site-Scripting (XSS)
librenms is vulnerable to Cross-Site-Scripting (XSS). The vulnerability arises due to improper validation of device group names in DeviceGroupController.php. An attacker can inject arbitrary JavaScript through the device group field, resulting in XSS...
Schneider Electric EcoStruxure Power Monitoring Expert Cross-Site Scripting Vulnerability
The Schneider Electric EcoStruxure Power Monitoring Expert is a device from Schneider Electric France for power distribution monitoring in IoT environments. A security vulnerability exists in the Schneider Electric EcoStruxure Power Monitoring Expert that stems from a cross-site scripting...
PT-2023-7000 · Siemens · Simatic Pcs Neo
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions prior to V4.1. Description: The issue is related to a stored cross-site scripting vulnerability in the Administration Console of SIMATIC PCS neo. This vulnerability could allow an attacker with high privileges to injec...
PT-2023-26387 · Ibm · Ibm Cics Tx Advanced
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Advanced version 10.1. Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
CVE-2023-5532 ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting via imgmap_save_area_title
The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmap_save_area_title' function. This makes it possible for unauthenticated attackers to update the post title and...
Cross Site Scripting
Reportico is vulnerable to Cross Site Scripting. The vulnerability is due to improper input sanitization in the project report title. The attacker can exploit this issue by injecting malicious JavaScript in the title field...
Cross site scripting
Ragic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack...
CVE-2023-41343 Ragic No-Code Database Builder - Stored XSS
Ragic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack...
Cross site scripting
A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code...
PT-2023-28221 · Ibm · Ibm Cics Tx Standard +2
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard versions 10.1 through 11.1; IBM CICS TX Advanced version 10.1; IBM TXSeries for Multiplatforms versions 8.1 through 9.1. Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the...
CVE-2023-1719
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...
Cross-site Scripting (XSS)
phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of HTML elements validation in login.php, which allows an attacker to inject and execute malicious JavaScript into the browser...
Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 44, 9.x < 9.0.0 Patch 37, 10.0.x < 10.0.5 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - A security related issue has been fixed to prevent JavaScript injection through help files. (CVE-2007-1280) - A security related issue has been fixed which impacted one of...
CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...
GO-2023-2114 Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml
The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context durin...
GHSA-FGJJ-5JMR-GH83 Fides JavaScript Injection Vulnerability in Privacy Center URL
Impact: The Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL and this input was found to no...
PT-2023-8372 · Ibm · Ibm Security Verify Governance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance version 10.0. Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...