5087 matches found

Prion
added 2023/11/03 5:15 a.m. · 15 views

Cross site scripting

Ragic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack...

4.9 CVSS · 5.3 AI score · 0.00345 EPSS
Exploits 0 · References 1

Cvelist
added 2023/11/03 4:11 a.m. · 23 views

CVE-2023-41343 Ragic No-Code Database Builder - Stored XSS

Ragic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack...

5.4 CVSS · 5.5 AI score · 0.00345 EPSS
Exploits 0 · References 1

Prion
added 2023/11/02 1:15 p.m. · 21 views

Cross site scripting

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code...

4.9 CVSS · 5.3 AI score · 0.00414 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2023/11/02 12:0 a.m. · 5 views

PT-2023-28221 · Ibm · Ibm Cics Tx Standard +2

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard versions 10.1 through 11.1; IBM CICS TX Advanced version 10.1; IBM TXSeries for Multiplatforms versions 8.1 through 9.1. Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the...

5.4 CVSS · 5.5 AI score · 0.0041 EPSS
Exploits 0 · References 7

OSV
added 2023/11/01 10:15 a.m. · 1 views

CVE-2023-1719

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...

9.8 CVSS · 6.1 AI score · 0.04973 EPSS
Exploits 1 · References 1

Veracode
added 2023/11/01 9:13 a.m. · 16 views

Cross-site Scripting (XSS)

phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of HTML elements validation in login.php, which allows an attacker to inject and execute malicious JavaScript into the browser...

6.1 CVSS · 6.6 AI score · 0.01105 EPSS
Exploits 1 · References 4 · Affected Software 2

Tenable Nessus
added 2023/10/26 12:0 a.m. · 68 views

Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 44, 9.x < 9.0.0 Patch 37, 10.0.x < 10.0.5 Multiple Vulnerabilities

According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - A security related issue has been fixed to prevent javascript injection through help files. (CVE-2007-1280) - A security related issue has been fixed which impacted one of...

9.8 CVSS · 6.8 AI score · 0.05556 EPSS
Exploits 1 · References 9

Vulnrichment
added 2023/10/24 9:59 p.m. · 11 views

CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

3.9 CVSS · 6.7 AI score · 0.00607 EPSS
Exploits 0 · References 3

Cvelist
added 2023/10/24 9:59 p.m. · 21 views

CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

3.9 CVSS · 5.7 AI score · 0.00607 EPSS
Exploits 0 · References 3

OSV
added 2023/10/24 4:45 p.m. · 19 views

GO-2023-2114 Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context durin...

7.1 CVSS · 6 AI score · 0.00434 EPSS
Exploits 0 · References 2

OSV
added 2023/10/24 2:45 a.m. · 36 views

GHSA-FGJJ-5JMR-GH83 Fides JavaScript Injection Vulnerability in Privacy Center URL

Impact: The Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL and this input was found to no...

3.9 CVSS · 4.7 AI score · 0.00607 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/10/23 12:0 a.m. · 3 views

PT-2023-8372 · Ibm · Ibm Security Verify Governance

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance version 10.0. Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

4.8 CVSS · 5.6 AI score · 0.00316 EPSS
Exploits 0 · References 8

RedHat Linux
added 2023/10/18 4:26 p.m. · 2 views

nodejs: code injection via WebAssembly export names

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module...

5.3 CVSS · 7.3 AI score · 0.00936 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/10/17 12:59 a.m. · 1 views

SUSE CVE-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...

5.3 CVSS · 7.9 AI score · 0.00936 EPSS
Exploits 0 · References 10

CNVD
added 2023/10/17 12:0 a.m. · 18 views

Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2023-82675)

Adobe Commerce is a digital commerce solution for merchants and brands from Adobe, a United States company. A cross-site scripting vulnerability exists in Adobe Commerce prior to version 2.4.7, which stems from the application's lack of effective...

8.7 CVSS · 5.9 AI score · 0.00623 EPSS
Exploits 0 · References 1

CVE
added 2023/10/16 7:38 p.m. · 53 views

CVE-2023-5087

The CVE-2023-5087 vulnerability affects the WordPress Page Builder: Pagelayer plugin prior to version 1.7.8. According to connected sources, users with author-level privileges (or higher) could inject malicious JavaScript into a post’s header or footer via the PageLayer editor, leading to a store...

5.4 CVSS · 5.4 AI score · 0.00415 EPSS
Exploits 2 · References 1 · Affected Software 1

OSV
added 2023/10/16 9:15 a.m. · 0 views

UBUNTU-CVE-2023-5421

An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was...

5.5 CVSS · 5.9 AI score · 0.00374 EPSS
Exploits 0 · References 3

NVD
added 2023/10/16 12:15 a.m. · 32 views

CVE-2022-48612

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...

6.1 CVSS · 6.1 AI score · 0.00434 EPSS
Exploits 1 · References 1

Vulnrichment
added 2023/10/16 12:0 a.m. · 17 views

CVE-2022-48612

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...

6.4 AI score · 0.00434 EPSS
Exploits 1 · References 1

Packet Storm
added 2023/10/16 12:0 a.m. · 283 views

2023 Mount Carmel School 6.4.1 Cross Site Scripting

Title: 2023-Mount-Carmel-School-6.4.1 XSS-Reflected - User Interaction Author: nu11secur1ty Date: 10/14/2023 Vendor: https://smart-school.in/ Software: https://demo.smart-school.in/site/userlogin Reference: https://portswigger.net/kb/issues/00200300cross-site-scripting-reflected Description: The...

7.1 AI score
Exploits 0