5055 matches found

RedHat Linux
added 2023/10/18 4:26 p.m. · 1 views

nodejs: code injection via WebAssembly export names

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, as if the WebAssembly module were a JavaScript module...

5.3 CVSS · 7.3 AI score · 0.00094 EPSS
Exploits: 0 · References: 4
SUSE CVE
added 2023/10/17 12:59 a.m. · 1 views

SUSE CVE-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, as if the WebAssembly module were a JavaScript module. This vulnerability...

5.3 CVSS · 7.9 AI score · 0.00094 EPSS
Exploits: 0 · References: 10
CNVD
added 2023/10/17 12:0 a.m. · 18 views

Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2023-82675)

Adobe Commerce is one of the world's leading digital commerce solutions for merchants and brands, from the US company Adobe. A cross-site scripting vulnerability exists in Adobe Commerce prior to version 2.4.7, which stems from the application's lack of effective...

8.7 CVSS · 5.9 AI score · 0.0152 EPSS
Exploits: 0 · References: 1
CVE
added 2023/10/16 7:38 p.m. · 50 views

CVE-2023-5087

The CVE-2023-5087 vulnerability affects the WordPress Page Builder: Pagelayer plugin prior to version 1.7.8. According to connected sources, users with author-level privileges (or higher) could inject malicious JavaScript into a post’s header or footer via the PageLayer editor, leading to a store...

5.4 CVSS · 5.4 AI score · 0.00241 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
OSV
added 2023/10/16 9:15 a.m. · 0 views

UBUNTU-CVE-2023-5421

An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was...

5.5 CVSS · 5.9 AI score · 0.00304 EPSS
Exploits: 0 · References: 3
NVD
added 2023/10/16 12:15 a.m. · 18 views

CVE-2022-48612

A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...

6.1 CVSS · 6.1 AI score · 0.00153 EPSS
Exploits: 1 · References: 1
CNNVD
added 2023/10/16 12:0 a.m. · 1 views

SAML Cross-Site Scripting Vulnerability

SAML is a library by individual developer Ross Kinder that contains a partial implementation of the SAML standard in golang. That is, it allows third parties to authenticate your users, or allows third parties to rely on us to authenticate their users. A cross-site scripting vulnerability exist...

7.1 CVSS · 5.8 AI score · 0.00285 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2023/10/16 12:0 a.m. · 16 views

CVE-2022-48612

A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...

6.4 AI score · 0.00153 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/10/16 12:0 a.m. · 2 views

PT-2023-15879 · Classlink · Classlink Oneclick Extension

Name of the Vulnerable Software and Affected Versions: ClassLink OneClick Extension versions through 10.7
Description: A Universal Cross Site Scripting UXSS issue allows remote attackers to inject JavaScript into any webpage. This is because a regular expression, which validates whether a URL is...

6.1 CVSS · 6.2 AI score · 0.00153 EPSS
Exploits: 1 · References: 4
Cvelist
added 2023/10/16 12:0 a.m. · 10 views

CVE-2022-48612

A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...

6.3 AI score · 0.00153 EPSS
Exploits: 1 · References: 1
Packet Storm
added 2023/10/16 12:0 a.m. · 280 views

2023 Mount Carmel School 6.4.1 Cross Site Scripting

Title: 2023-Mount-Carmel-School-6.4.1 XSS-Reflected - User Interaction
Author: nu11secur1ty
Date: 10/14/2023
Vendor: https://smart-school.in/
Software: https://demo.smart-school.in/site/userlogin
Reference: https://portswigger.net/kb/issues/00200300cross-site-scripting-reflected
Description: The...

7.1 AI score
Exploits: 0
CNNVD
added 2023/10/15 12:0 a.m. · 1 views

ClassLink Cross-Site Scripting Vulnerability

ClassLink is a provider of identity and access management products from ClassLink, Inc. that provide instant access to applications and files through SSO, class scheduling, account configuration, and more. A security vulnerability exists in ClassLink OneClick Extension version 10.7 that stems fro...

6.1 CVSS · 5.8 AI score · 0.00153 EPSS
Exploits: 1 · References: 3
CNNVD
added 2023/10/13 12:0 a.m. · 1 views

Node.js Security Vulnerabilities

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 18.x and 20.x that originates in the WebAssembly module where JavaScript code can be injected via maliciously crafted export names...

5.3 CVSS · 7 AI score · 0.00094 EPSS
Exploits: 0 · References: 6
NVD
added 2023/10/04 1:15 p.m. · 20 views

CVE-2023-4492

Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to...

6.1 CVSS · 6.2 AI score · 0.00125 EPSS
Exploits: 1 · References: 1
OSV
added 2023/10/04 1:15 p.m. · 1 views

CVE-2023-4492

Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to...

6.1 CVSS · 5.8 AI score
Exploits: 0 · References: 1
Prion
added 2023/10/04 1:15 p.m. · 12 views

Design/Logic Flaw

Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to...

5.8 CVSS · 6.2 AI score · 0.00125 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2023/10/04 12:19 p.m. · 54 views

CVE-2023-4492

CVE-2023-4492 is an XSS vulnerability in Easy Address Book Web Server 1.6 affecting multiple parameters in the /addrbook.ghp page (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). The issue allows injecting a JavaScript payload that r...

6.1 CVSS · 6.2 AI score · 0.00125 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Prion
added 2023/10/04 12:15 p.m. · 13 views

Cross site scripting

Reflected cross-site scripting (XSS) vulnerability in WideStand until version 5.3.5, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/JavaScript code into the response...

5.8 CVSS · 6 AI score · 0.0009 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/10/04 12:0 a.m. · 3 views

PT-2023-29317 · Unknown · Easy Address Book Web Server

Name of the Vulnerable Software and Affected Versions: Easy Address Book Web Server version 1.6
Description: The issue affects the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, and workzip of the "/addrbook.ghp" file, allowing an...

6.1 CVSS · 6.2 AI score · 0.00125 EPSS
Exploits: 1 · References: 4
CNNVD
added 2023/10/03 12:0 a.m. · 3 views

NXLog Cross-Site Scripting Vulnerability

Nxlog is a log collection and centralization software from Nxlog, Inc. that supports multiple operating systems. A cross-site scripting vulnerability exists in NXLog Manager version 5.6.5633, which arises from improper cleaning of input parameters and allows an attacker to inject a malicious...

6.1 CVSS · 6 AI score · 0.00118 EPSS
Exploits: 0 · References: 2