PT-2023-15879 · Classlink · Classlink Oneclick Extension
Name of the Vulnerable Software and Affected Versions: ClassLink OneClick Extension versions through 10.7 Description: A Universal Cross-Site Scripting (UXSS) issue allows remote attackers to inject JavaScript into any webpage. This is because a regular expression, which validates whether a URL is...
SAML Cross-Site Scripting Vulnerability
SAML is a library by Ross Kinder, an individual developer, that contains a partial implementation of the SAML standard in Go. That is, it allows third parties to authenticate your users, or allows third parties to rely on us to authenticate their users. A cross-site scripting vulnerability exist...
CVE-2022-48612
A Universal Cross-Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
ClassLink Cross-Site Scripting Vulnerability
ClassLink is a line of identity and access management products from ClassLink, Inc. that provide instant access to applications and files through SSO, class scheduling, account configuration, and more. A security vulnerability exists in ClassLink OneClick Extension version 10.7 that stems fro...
Node.js Security Vulnerabilities
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 18.x and 20.x that originates in the WebAssembly module, where JavaScript code can be injected via maliciously crafted export names...
CVE-2023-4492
Vulnerability in Easy Address Book Web Server version 1.6, affecting the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip of the /addrbook.ghp file, allowing an attacker to inject a specially designed JavaScript payload to...
Design/Logic Flaw
Vulnerability in Easy Address Book Web Server version 1.6, affecting the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip of the /addrbook.ghp file, allowing an attacker to inject a specially designed JavaScript payload to...
CVE-2023-4492
CVE-2023-4492 is an XSS vulnerability in Easy Address Book Web Server 1.6 affecting multiple parameters in the /addrbook.ghp page (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). The issue allows injecting a JavaScript payload that r...
Cross site scripting
Reflected Cross-Site Scripting (XSS) vulnerability in WideStand up to version 5.3.5, which generates one of the meta tags directly from the content of the queried URL, allowing an attacker to inject HTML/JavaScript code into the response...
PT-2023-29317 · Unknown · Easy Address Book Web Server
Name of the Vulnerable Software and Affected Versions: Easy Address Book Web Server version 1.6 Description: The issue affects the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, and workzip of the "/addrbook.ghp" file, allowing an...
NXLog Cross-Site Scripting Vulnerability
NXLog is log collection and centralization software from NXLog, Inc. that supports multiple operating systems. A cross-site scripting vulnerability exists in NXLog Manager version 5.6.5633, which arises from improper sanitization of input parameters and allows an attacker to inject a malicious...
CVE-2023-43735
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formatstitles7" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-5112
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specialstypename1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43725
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ordersproductsstatusnamelong1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43717
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCHHIGHLIGHTENABLETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zonename" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43708
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configurationtitle1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43707
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm1name " parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
PT-2023-28947 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified) Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the stock indication text1 parameter. This could lead to unauthorized execution ...