5087 matches found
HGiga MailSherlock Cross-Site Scripting Vulnerability
HGiga MailSherlock is an enterprise email auditing system from China Henderson Technology Hgiga. A cross-site scripting vulnerability exists in HGiga MailSherlock version 4.5, which stems from insufficient filtering of user input by a specific function. The vulnerability can be exploited to conduct...
CVE-2023-24839 HGiga MailSherlock - Reflected XSS
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in scheduler.js because it does not sanitize the HTML in the time field, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
PT-2023-20584 · Ibm · Ibm Websphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server version 9.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field
The plugin does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged-in user with roles as low as contributor to inject arbitrary JavaScript into a form which will trigger for any visitor to the form or admins previewing or editing the...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the SEO and Settings feature because it does not properly validate the HTML tags, which allows attackers to inject and execute malicious JavaScript into the browser...
Stored Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to adding media segment in the videoThumbnailUpdateAction function in SettingsController.php, which allows an attacker to inject and execute JavaScript in the browser when viewing the video...
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the getTabPanel function in admin.js caused by the From and To fields when searching in the Application Logger module, which allows an attacker to inject and execute arbitrary JavaScript...
Atlassian Jira 8.0.7 < 8.5.5 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.5.5, 8.6.0 prior to 8.8.2 or 8.9.0 prior to 8.9.1. It is, therefore, affected by multiple vulnerabilities: - A flaw which allows remote attackers to inject arbitrary...
Cross-site Scripting (XSS)
sogo is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the NSString+Utilities.m of Mail Handler, allowing an attacker to inject and execute malicious JavaScript...
CVE-2023-0746 XSS Vulnerability in GigaVue-FM
The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could force a user into inserting malicious JavaScript code into the URI, which could lead to a Reflected Cross site Scripting...
iFAX AvantFAX Cross-Site Scripting Vulnerability
iFAX AvantFAX is a web application from iFAX Corporation that allows users to view and send faxes on any platform without the need to install special software. A security vulnerability exists in iFAX AvantFAX version 3.3.7, which stems from a stored cross-site scripting (XSS) vulnerability that can...
answer cross-site scripting vulnerability (CNVD-2023-31163)
answer is knowledge-based open source community software. You can use it to quickly build product technical support, customer support, user communication and other Q&A community. Answer versions prior to 1.0.6 have a cross-site scripting vulnerability that can be exploited by attackers to inject...
answer Cross-Site Scripting Vulnerability
answer is knowledge-based open source community software. You can use it to quickly build product technical support, customer support, user communication and other Q&A community. Answer versions prior to 1.0.6 have a cross-site scripting vulnerability that can be exploited by attackers to inject...
CVE-2023-22856
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file...
CVE-2023-22857 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post...
CVE-2023-22856 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file...
BlogEngine Cross-Site Scripting Vulnerability
BlogEngine is an open source ASP.NET blog system. The system supports Ajax comments, custom themes and so on. A security vulnerability exists in BlogEngine.NET version 3.3.8.0. An attacker exploits this vulnerability to inject arbitrary JavaScript in the secure environment of a blog visitor by...
PT-2023-18732 · Unknown · Blogengine.Net
Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: A stored Cross-site Scripting (XSS) vulnerability allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post...
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in the GDPR export email address input, which allows an attacker to inject and execute arbitrary JavaScript into the system...