
5087 matches found

ATTACKERKB
added 2023/11/28 1:15 p.m. · 4 views

CVE-2023-48042

Cross Site Scripting XSS in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code...

CVSS 6.1 · AI score 5.9 · EPSS 0.00494
Exploits: 0 · References: 4

OSV
added 2023/11/28 1:15 p.m. · 1 view

CVE-2023-48042

Cross Site Scripting XSS in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code...

CVSS 6.1 · AI score 5.9 · EPSS 0.00494
Exploits: 0 · References: 2

CNNVD
added 2023/11/28 12:0 a.m. · 2 views

Alumne LMS Cross-Site Scripting Vulnerability

Alumne LMS is an e-learning platform from Alumne LMS, Inc. A cross-site scripting vulnerability exists in Alumne LMS version 4.0.0.1.08, which stems from a lack of proper cleanup in the localidad field on the /users/editmy page, and can be exploited by an attacker to inject a custom JavaScript lo...

CVSS 6.1 · AI score 6.1 · EPSS 0.00388
Exploits: 0 · References: 1

Positive Technologies
added 2023/11/28 12:0 a.m. · 2 views

PT-2023-30677 · Prestashop · Prestashop Amazzing Filter

Name of the Vulnerable Software and Affected Versions: Prestashop Amazzing filter versions up to 3.2.5 Description: The issue allows remote attackers to inject arbitrary JavaScript code due to a Cross Site Scripting XSS vulnerability in the Search filters of Prestashop Amazzing filter...

CVSS 6.1 · AI score 6 · EPSS 0.00494
Exploits: 0 · References: 5

Tenable Nessus
added 2023/11/28 12:0 a.m. · 41 views

Rocky Linux 8 : nodejs:20 (RLSA-2023:7205)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7205 advisory. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return ...

CVSS 9.8 · AI score 7.3 · EPSS 0.99999
Exploits: 19 · References: 13

Positive Technologies
added 2023/11/27 12:0 a.m. · 4 views

PT-2023-30449 · Pachno · Pachno

Name of the Vulnerable Software and Affected Versions: Pachno version 1.0.6 Description: A vulnerability has been identified that allows an authenticated attacker to execute a cross-site scripting XSS attack. The issue exists due to inadequate input validation in the Project Description and...

CVSS 5.4 · AI score 5.4 · EPSS 0.00475
Exploits: 0 · References: 4

CNNVD
added 2023/11/23 12:0 a.m. · 2 views

Artica Pandora FMS Cross-Site Scripting Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS versions 700 through 773, which is caused due to imprope...

CVSS 8.4 · AI score 6 · EPSS 0.00452
Exploits: 0 · References: 1

ATTACKERKB
added 2023/11/22 4:15 p.m. · 3 views

CVE-2023-2438

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

CVSS 6.1 · AI score 6.8 · EPSS 0.00165
Exploits: 0 · References: 3

OSV
added 2023/11/22 4:15 p.m. · 4 views

CVE-2023-2438

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

CVSS 6.1 · AI score 5.7
Exploits: 0 · References: 2

Prion
added 2023/11/22 4:15 p.m. · 15 views

Cross site request forgery (csrf)

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

CVSS 5.8 · AI score 6.6 · EPSS 0.00165
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/11/22 3:33 p.m. · 28 views

CVE-2023-2438 UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

CVSS 6.1 · AI score 6.1 · EPSS 0.00165
Exploits: 0 · References: 2

Veracode
added 2023/11/22 7:29 a.m. · 17 views

Cross Site Scripting (XSS)

Statamic CMS is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper MIME validation when uploading files. This could allow an attacker to inject JavaScript via upload image file feature...

CVSS 7.5 · AI score 7 · EPSS 0.007
Exploits: 0 · References: 5 · Affected Software: 1

Veracode
added 2023/11/21 6:33 a.m. · 18 views

Cross Site Scripting (XSS)

OpenCRX is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper input sanitization and validation via the Activity Milestone Name Field. This can be exploited by the attacker to inject malicious JavaScript into the application...

CVSS 6.1 · AI score 6.5 · EPSS 0.00463
Exploits: 1 · References: 2 · Affected Software: 1

Veracode
added 2023/11/21 6:23 a.m. · 10 views

Cross Site Scripting (XSS)

OpenCRX is vulnerable to Cross Site Scripting. The vulnerability is due to improper input sanitization and validation via the Activity Search Criteria Activity Number. This can be exploited by the attacker to inject malicious JavaScript into the application...

CVSS 6.1 · AI score 6.8 · EPSS 0.00463
Exploits: 1 · References: 2 · Affected Software: 1

Veracode
added 2023/11/20 11:12 a.m. · 11 views

Cross-Site-Scripting (XSS)

librenms is vulnerable to Cross-Site-Scripting XSS. The vulnerability arises due to improper validation of device group names in DeviceGroupController.php. An attacker can inject arbitrary JavaScript through the device group field, resulting in XSS...

CVSS 6.3 · AI score 7 · EPSS 0.00562
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2023/11/15 12:0 a.m. · 2 views

Schneider Electric EcoStruxure Power Monitoring Expert Cross-Site Scripting Vulnerability

The Schneider Electric EcoStruxure Power Monitoring Expert is a device from Schneider Electric France for power distribution monitoring in IoT environments. A security vulnerability exists in the Schneider Electric EcoStruxure Power Monitoring Expert that stems from a cross-site scripting...

CVSS 6.1 · AI score 6.1 · EPSS 0.00406
Exploits: 0 · References: 2

Positive Technologies
added 2023/11/14 12:0 a.m. · 3 views

PT-2023-7000 · Siemens · Simatic Pcs Neo

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions prior to V4.1 Description: The issue is related to a stored cross-site scripting vulnerability in the Administration Console of SIMATIC PCS neo. This vulnerability could allow an attacker with high privileges to injec...

CVSS 5.4 · AI score 5.1 · EPSS 0.00388
Exploits: 0 · References: 6

Positive Technologies
added 2023/11/13 12:0 a.m. · 4 views

PT-2023-26387 · Ibm · Ibm Cics Tx Advanced

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Advanced version 10.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

CVSS 6.1 · AI score 6.1 · EPSS 0.00451
Exploits: 0 · References: 3

Cvelist
added 2023/11/07 11:1 a.m. · 24 views

CVE-2023-5532 ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting via imgmap_save_area_title

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmap_save_area_title' function. This makes it possible for unauthenticated attackers to update the post title and...

CVSS 6.1 · AI score 6.1 · EPSS 0.00214
Exploits: 0 · References: 2

Veracode
added 2023/11/03 7:38 a.m. · 11 views

Cross Site Scripting

Reportico is vulnerable to Cross Site Scripting. The vulnerability is due to improper input sanitization in the project report title. The attacker can exploit this issue by injecting malicious JavaScript in the title field...

CVSS 4.8 · AI score 6.9 · EPSS 0.00373
Exploits: 1 · References: 2 · Affected Software: 1