Nokia NetAct 跨站脚本漏洞

Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in Nokia NetAct version 22 that originates from a vulnerability that allows an attacker to edit or add the templateName parameter to include JavaScript code, which is then stored and executed by the...

PT-2023-12955 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: An issue was discovered in the Site Configuration Tool website section, where a malicious user can change the filename of an uploaded file to include JavaScript code. This code is then stored and executed ...

Cross-site Scripting (XSS)

nilsteampassnet/teampass is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the name and lastname fields are not properly sanitized in the users.js.php, which allows an attacker to inject and execute malicious javascript...

Cross-site Scripting (XSS)

tarteaucitronjs is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of user-input sanitization in width, theme, controls, img, and other parameters, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

XWiki 4.2-milestone-1 < 14.6 XSS Vulnerability (GHSA-m3jr-cvhj-f35j)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVE-2023-37630

Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting XSS. An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS...

Cross site scripting

IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650...

GHSA-FXCR-GVCW-HMQM Magento Open Source allows Cross-Site Scripting (XSS)

Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

CVE-2023-24497

Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...

CVE-2023-24497

Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...

CVE-2023-24496

Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...

CVE-2023-24496

Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...

Milesight VPN 安全漏洞

Milesight VPN is a web-based VPN monitoring and management platform from China-based Milesight. A security vulnerability exists in Milesight VPN v2.0.2. An attacker can exploit this vulnerability to cause arbitrary Javascript code injection via a specially crafted HTTP request...

CVE-2023-37360

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

CVE-2023-37360

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

CVE-2023-37360

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

DEBIAN-CVE-2023-37360

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

PYSEC-2023-93

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

Design/Logic Flaw

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

CVE-2023-37360

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...