Lucene search

5053 matches found

Vulnrichment
added 2023/09/18 8:4 p.m. · 2 views

CVE-2023-38582 Socomec MOD3GP-SY-120K Cross-site Scripting

Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAILRCV. When a legitimate user attempts to access the vulnerable page of the web application, the X...

CVSS 6.3 · AI score 5.8 · EPSS 0.0008
Exploits 0 · References 1
NVD
added 2023/09/12 3:15 a.m. · 9 views

CVE-2023-40624

SAP NetWeaver AS ABAP applications based on Unified Rendering - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of...

CVSS 5.5 · AI score 5.5 · EPSS 0.00137
Exploits 0 · References 2
OSV
added 2023/09/12 3:15 a.m. · 3 views

CVE-2023-40624

SAP NetWeaver AS ABAP applications based on Unified Rendering - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of...

CVSS 5.4 · AI score 6.1 · EPSS 0.00137
Exploits 0 · References 2
Prion
added 2023/09/12 3:15 a.m. · 26 views

Code injection

SAP NetWeaver AS ABAP applications based on Unified Rendering - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of...

CVSS 4.9 · AI score 5.5 · EPSS 0.00137
Exploits 0 · References 2 · Affected Software 1
CVE
added 2023/09/12 2:0 a.m. · 66 views

CVE-2023-40624

SAP NetWeaver AS ABAP (Unified Rendering) is affected in SAP_UI 754–758 and SAP_BASIS 702, 731. The root cause is insufficient validation/escaping of user-supplied data, allowing an attacker to inject JavaScript that is executed in the web application. This can enable an attacker to influence the...

CVSS 5.5 · AI score 5.4 · EPSS 0.00137
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/09/12 12:0 a.m. · 2 views

PT-2023-27546 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions SAP UI 754 through SAP UI 758 SAP NetWeaver AS ABAP versions SAP BASIS 702, SAP BASIS 731 Description: The issue allows an attacker to inject JavaScript code that can be executed in the web-application,...

CVSS 5.5 · AI score 7.3 · EPSS 0.00137
Exploits 0 · References 5
OSV
added 2023/09/11 8:15 p.m. · 1 views

CVE-2023-4294

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 1
Vulnrichment
added 2023/09/11 7:46 p.m. · 6 views

CVE-2023-4294 URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link...

AI score 6.3 · EPSS 0.35071
Exploits 2 · References 1
CNNVD
added 2023/09/11 12:0 a.m. · 3 views

WordPress plugin URL Shortify Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVSS 6.1 · AI score 6.2 · EPSS 0.35071
Exploits 2 · References 2
Positive Technologies
added 2023/09/11 12:0 a.m. · 5 views

PT-2023-28647 · WordPress · Url Shortify

Name of the Vulnerable Software and Affected Versions: URL Shortify WordPress plugin versions prior to 1.7.6 Description: The issue allows an unauthenticated attacker to inject malicious javascript that will trigger in the plugin's admin panel with statistics of the created short link, due to the...

CVSS 6.1 · AI score 6.5 · EPSS 0.35071
Exploits 2 · References 5
Cvelist
added 2023/09/08 9:22 p.m. · 15 views

CVE-2022-22402 IBM Aspera Faspex cross-site scripting

IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571...

CVSS 5.4 · AI score 5.3 · EPSS 0.00169
Exploits 0 · References 2
Vulnrichment
added 2023/09/05 7:13 p.m. · 17 views

CVE-2020-10128 SearchBlox product before V-9.2.1 is vulnerable to Stored-Cross Site Scripting

SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validated properly, which allows an attacker to inject malicious JavaScript...

AI score 6 · EPSS 0.00263
Exploits 0 · References 1
Positive Technologies
added 2023/09/05 12:0 a.m. · 4 views

PT-2023-11440 · Unknown · Searchblox

Name of the Vulnerable Software and Affected Versions: SearchBlox versions prior to 9.2.1 Description: The issue concerns stored cross-site scripting in the SearchBlox product, where multiple user input parameters are not properly sanitized or validated. This allows an attacker to inject maliciou...

CVSS 5.4 · AI score 5.2 · EPSS 0.00263
Exploits 0 · References 4
Microsoft CVE
added 2023/09/01 7:0 a.m. · 1 views

Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports

...

CVSS 6.1 · AI score 6.2 · EPSS 0.00193
Exploits 0
CNNVD
added 2023/08/27 12:0 a.m. · 1 views

IBM Security Guardium Cross-Site Scripting Vulnerability

IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A cross-site scripting vulnerability exists in IBM Security...

CVSS 8.9 · AI score 6.2 · EPSS 0.00126
Exploits 0 · References 3
Positive Technologies
added 2023/08/27 12:0 a.m. · 2 views

PT-2023-22689 · Ibm · Ibm Security Guardium

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium versions 11.3 through 11.5 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...

CVSS 8.9 · AI score 6.2 · EPSS 0.00126
Exploits 0 · References 9
Vulnrichment
added 2023/08/25 12:0 a.m. · 10 views

CVE-2020-11711

An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possibl...

AI score 5.8 · EPSS 0.00487
Exploits 0 · References 3
Github Security Blog
added 2023/08/24 10:15 p.m. · 20 views

Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports

The Rust Security Response WG was notified that Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to XSS if the report is subsequent...

CVSS 6.1 · AI score 7 · EPSS 0.00193
Exploits 0 · References 4 · Affected Software 1
OpenVAS
added 2023/08/22 12:0 a.m. · 17 views

WordPress PageLayer Plugin < 1.1.2 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pagelayer:pagelayer"; ifdescription...

CVSS 8.8 · AI score 7.9 · EPSS 0.00539
Exploits 4 · References 2
OpenVAS
added 2023/08/18 12:0 a.m. · 17 views

XWiki 4.0-milestone-2 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.1 XSS Vulnerability (GHSA-44h9-xxvx-pg6x)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS 7.7 · AI score 5.2 · EPSS 0.06572
Exploits 1 · References 1