5053 matches found
CVE-2023-43725
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "ordersproductsstatusnamelong1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43717
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCHHIGHLIGHTENABLETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "zonename" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43707
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm1name " parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43708
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "configurationtitle1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
PT-2023-28924 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the email templates key parameter. This could potentially lead to unauthorized...
PT-2023-28947 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the stock indication text1 parameter. This could lead to unauthorized execution ...
PT-2023-28922 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the title parameter. This potentially leads to unauthorized execution of scripts...
PT-2023-28952 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the zone name parameter, potentially leading to unauthorized execution of script...
PT-2023-28954 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the company address parameter. This could potentially lead to unauthorized...
PT-2023-31767 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the featured type name1 parameter. This could potentially lead to unauthorized...
PT-2023-28933 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the SKIP CART PAGE TITLE1 parameter. This potentially leads to unauthorized...
PT-2023-28946 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the orders products status manual name long1 parameter. This could potentially...
PT-2023-28936 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the MSEARCH HIGHLIGHT ENABLE TITLE1 parameter. This could potentially lead to...
PT-2023-28941 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the PACKING SLIPS SUMMARY TITLE1 parameter. This could potentially lead to...
PT-2023-28927 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the configuration title1 parameter. This could potentially lead to unauthorized...
PT-2023-28925 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the CatalogsPageDescriptionForm1name parameter. This could potentially lead to...
Cross site scripting
A Cross-site scripting XSS vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...
Fujitsu Arconte Áurea Cross-Site Scripting Vulnerability
Fujitsu Arconte Áurea is a view recording system from Fujitsu Japan. A security vulnerability exists in Fujitsu Arconte Áurea versions prior to 1.5.0.0. An attacker could exploit this vulnerability to inject malicious JavaScript code that could compromise and take control of the victim's browser,...
CVE-2023-38582
Persistent cross-site scripting XSS in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAILRCV. When a legitimate user attempts to access to the vulnerable page of the web application, the X...