5087 matches found
CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...
CVE-2023-48206
A Cross Site Scripting XSS vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php...
CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...
CVE-2023-48206
A Cross Site Scripting XSS vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php...
CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...
Cross site scripting
A Cross Site Scripting XSS vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php...
CVE-2023-48172
A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...
CVE-2023-48172
A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...
Cross site scripting
A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...
CVE-2023-48206
A Cross Site Scripting XSS vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php...
CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...
Availability Booking Calendar Cross-Site Scripting Vulnerability
PHPJabbers Availability Booking Calendar is a booking system. A cross-site scripting vulnerability exists in Availability Booking Calendar version 5.0, which originates from a vulnerability that allows an attacker to inject JavaScript injection into index.php...
CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...
CVE-2023-48172
A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...
CVE-2023-48208
CVE-2023-48208 concerns PHPJabbers Availability Booking Calendar v5.0. A stored Cross Site Scripting vulnerability exists in index.php that allows injecting JavaScript via the following parameters: name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name. This is the concre...
CVE-2023-28875
A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...
CVE-2023-28875
CVE-2023-28875 concerns a stored XSS in FileRun’s shared files download terms, specifically affecting Filerun Update 20220202. The vulnerability is triggered when a user follows a crafted share link, allowing injected JavaScript code execution in the victim’s browser. Connected sources identify t...
CVE-2023-28875
A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...
Cross-site Scripting (XSS)
dpaste is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to improper lexer validation in views.py, which allows an attacker to inject and execute malicious JavaScript into the browser, resulting in XSS...
PT-2023-28212 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...