CVE-2023-20868

CVE-2023-20868 is a reflected cross-site scripting vulnerability in VMware NSX-T due to insufficient input validation. A remote attacker could inject HTML/JavaScript to redirect victims to malicious pages. The connected VMSA-2023-0010 advisory specifies affected NSX-T 3.2.x and that the vulnerabi...

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the getGridFilterCondition at TranslationController.php because the field names are not properly escaped which allows an attacker to inject and execute arbitrary JavaScript...

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting XSS. The vulnerability exists in static routes panel because the name parameter is not properly sanitized which allows an attacker to inject and execute arbitrary JavaScript...

Cross site scripting

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...

Wekan 跨站脚本漏洞

Wekan is a website builder from the Wekan team that provides the ability to make planning lists and plan time. A security vulnerability exists in Wekan version v6.84. An attacker exploiting the vulnerability can insert JavaScript code...

Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: The plugin requires WPBakery Page...

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting XSS. The vulnerability exists in setName of Rule.php due to improper sanitization of input name parameter which allows an attacker to inject and execute arbitrary javascript...

Cross-Site Scripting (XSS)

editor.md is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in filterHTMLTags function at editormd.js because the inputs are not properly filtered which allows an attacker to inject and execute arbitrary JavaScript...

BoxBilling Cross-Site Scripting Vulnerability

BoxBilling is open source billing and customer management software for BoxBilling individual developers. A cross-site scripting vulnerability exists in BoxBilling versions 4.19,4.19.1,4.20,4.21, which stems from arbitrary code that can be run via a form for submitting a new ticket. An attacker ca...

CVE-2023-32066

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...

Cross-Site Scripting (XSS)

wwbn/avideo is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user-input sanitization in success parameter of script.js which allows an attacker to inject and execute arbitrary JavaScript into the browser...

PT-2025-1389 · Ibm · Ibm Sterling B2B Integrator

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 IBM Sterling B2B Integrator version 6.2.0.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentiall...

IBM Business Automation Workflow 跨站脚本漏洞

IBM Business Automation Workflow is an integrated platform that helps business users rapidly automate all aspects of business operations at scale. A cross-site scripting vulnerability exists in IBM Business Automation Workflow versions 18.0.0.0 through 22.0.2, which can be exploited by an attacke...

CVE-2023-25827 Cross-site Scripting in OpenTSDB

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

PT-2023-20332 · Opentsdb · Opentsdb

Name of the Vulnerable Software and Affected Versions: OpenTSDB affected versions not specified Description: The issue is caused by insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint. This allows an attacker to inject and execut...

CVE-2023-27108

An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...

CVE-2023-30454

An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...

USN-6038-1: Go vulnerabilities

It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. CVE-2022-1705 It was discovered that Go did not properly manage memory under certain...

Arbitrary javascript injection in Apache Jena

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

GHSA-XGH5-GWQ5-RPX8 Arbitrary javascript injection in Apache Jena

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...