5053 matches found

Veracode
added 2023/05/28 2:43 p.m. · 29 views

Cross-site Scripting (XSS)

workflow-job is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the displayName attribute in summary.jelly is not escaped before being rendered, allowing an attacker to inject and execute malicious JavaScript...

CVSS 5.4 · AI score 6.6 · EPSS 0.04273
Exploits 0 · References 3 · Affected Software 2

ATTACKERKB
added 2023/05/26 8:15 p.m. · 1 view

CVE-2023-33255

An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...

CVSS 6.1 · AI score 6.5 · EPSS 0.01267
Exploits 2 · References 6

NVD
added 2023/05/26 8:15 p.m. · 13 views

CVE-2023-33255

An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...

CVSS 6.1 · AI score 6.6 · EPSS 0.01267
Exploits 2 · References 5

Vulnrichment
added 2023/05/26 12:0 a.m. · 7 views

CVE-2023-20868

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages...

AI score 6 · EPSS 0.00238
Exploits 0 · References 1

CVE
added 2023/05/26 12:0 a.m. · 108 views

CVE-2023-20868

CVE-2023-20868 is a reflected cross-site scripting vulnerability in VMware NSX-T due to insufficient input validation. A remote attacker could inject HTML/JavaScript to redirect victims to malicious pages. The connected VMSA-2023-0010 advisory specifies affected NSX-T 3.2.x and that the vulnerabi...

CVSS 6.1 · AI score 5.9 · EPSS 0.00238
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/05/26 12:0 a.m. · 14 views

CVE-2023-33255

An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...

AI score 6.8 · EPSS 0.01267
Exploits 2 · References 5

Vulnrichment
added 2023/05/26 12:0 a.m. · 8 views

CVE-2023-33255

An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...

AI score 7.4 · EPSS 0.01267
Exploits 2 · References 5

Veracode
added 2023/05/23 10:35 a.m. · 17 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in getGridFilterCondition in TranslationController.php because the field names are not properly escaped, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 4.8 · AI score 6.8 · EPSS 0.0001
Exploits 1 · References 6 · Affected Software 1

Veracode
added 2023/05/23 10:8 a.m. · 13 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the static routes panel because the name parameter is not properly sanitized, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 5.4 · AI score 6.8 · EPSS 0.00011
Exploits 1 · References 5 · Affected Software 1

Prion
added 2023/05/22 1:15 p.m. · 21 views

Cross site scripting

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on a kanban board can insert JavaScript code in the "Reaction to comment" feature...

CVSS 4.9 · AI score 5.3 · EPSS 0.00442
Exploits 1 · References 2 · Affected Software 1

wpexploit
added 2023/05/22 12:0 a.m. · 131 views

Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: The plugin requires WPBakery Page...

CVSS 5.4 · AI score 6 · EPSS 0.00117
Exploits 2

CNNVD
added 2023/05/22 12:0 a.m. · 1 view

Wekan Cross-Site Scripting Vulnerability

Wekan is a website builder from the Wekan team that provides the ability to make planning lists and plan time. A security vulnerability exists in Wekan version v6.84. An attacker exploiting the vulnerability can insert JavaScript code...

CVSS 5.4 · AI score 5.8 · EPSS 0.00442
Exploits 1 · References 3

Veracode
added 2023/05/16 7:5 a.m. · 16 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in setName of Rule.php due to improper sanitization of the input name parameter, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 5.4 · AI score 6.8 · EPSS 0.00007
Exploits 1 · References 6 · Affected Software 1

Veracode
added 2023/05/12 1:7 p.m. · 16 views

Cross-Site Scripting (XSS)

editor.md is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in the filterHTMLTags function in editormd.js because the inputs are not properly filtered, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 6.1 · AI score 6.2 · EPSS 0.00338
Exploits 0 · References 4 · Affected Software 1

CNVD
added 2023/05/10 12:0 a.m. · 5 views

BoxBilling Cross-Site Scripting Vulnerability

BoxBilling is open source billing and customer management software for BoxBilling individual developers. A cross-site scripting vulnerability exists in BoxBilling versions 4.19, 4.19.1, 4.20, 4.21, which stems from arbitrary code that can be run via a form for submitting a new ticket. An attacker ca...

CVSS 6.1 · AI score 6.2 · EPSS 0.00185
Exploits 1 · References 1

NVD
added 2023/05/09 4:15 p.m. · 11 views

CVE-2023-32066

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...

CVSS 5.4 · AI score 5.2 · EPSS 0.00213
Exploits 0 · References 2

Veracode
added 2023/05/08 8:55 a.m. · 17 views

Cross-Site Scripting (XSS)

wwbn/avideo is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in the success parameter of script.js, which allows an attacker to inject and execute arbitrary JavaScript in the browser...

CVSS 6.1 · AI score 6.1 · EPSS 0.00234
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/05/08 12:0 a.m. · 3 views

PT-2025-1389 · IBM · IBM Sterling B2B Integrator

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5; IBM Sterling B2B Integrator version 6.2.0.0. Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentiall...

CVSS 5.5 · AI score 6.4 · EPSS 0.00099
Exploits 0 · References 8

CNNVD
added 2023/05/06 12:0 a.m. · 3 views

IBM Business Automation Workflow Cross-Site Scripting Vulnerability

IBM Business Automation Workflow is an integrated platform that helps business users rapidly automate all aspects of business operations at scale. A cross-site scripting vulnerability exists in IBM Business Automation Workflow versions 18.0.0.0 through 22.0.2, which can be exploited by an attacke...

CVSS 5.4 · AI score 6 · EPSS 0.00449
Exploits 0 · References 3

Vulnrichment
added 2023/05/03 6:36 p.m. · 5 views

CVE-2023-25827 Cross-site Scripting in OpenTSDB

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

CVSS 8.2 · AI score 7.9 · EPSS 0.00574
Exploits 0 · References 2