890 matches found
CVE-2023-6423 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/eventsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...
CVE-2023-6420 Cross-site Scripting vulnerability in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
CVE-2023-6420
Voovi Social Networking Script 1.0 is affected by a cross-site scripting (XSS) vulnerability in signup2.php via the emailadd parameter. The root cause is inadequate input handling for emailadd, allowing a remote attacker to inject JavaScript that could partially take over an authenticated user’s ...
CVE-2023-6419 Cross-site Scripting vulnerability in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the...
CVE-2023-6359 Cross-Site Scripting in Alumne LMS
A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the...
PT-2023-7322 · Unknown · Alumne Lms
Name of the Vulnerable Software and Affected Versions: Alumne LMS version 4.0.0.1.08. Description: A Cross-Site Scripting (XSS) issue has been found in Alumne LMS, where an attacker could exploit the localidad parameter to inject a custom JavaScript payload. This could allow the attacker to partiall...
CVE-2023-4594
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmindll.htm file...
Cross site scripting
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmindll.htm file...
TikTok: RXSS via region parameter
A cross-site scripting vulnerability was discovered in a TikTok endpoint. User-supplied data in the 'region' parameter was reflected without appropriate escaping, allowing JavaScript injection...
PT-2023-8655 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS (affected versions not specified). Description: A cross-site scripting (XSS) issue in the web interface of Palo Alto Networks PAN-OS software allows a malicious authenticated read-write administrator to store a JavaScript...
CVE-2023-4592
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...
Cross site scripting
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...
CVE-2023-4592 Improper Neutralization of Input During Web Page Generation in WPN-XM Serverstack
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...
WPN-XM Serverstack Cross-Site Scripting Vulnerability
WPN-XM Serverstack is a server stack from the WPN-XM organization for developing PHP on Windows. A cross-site scripting vulnerability exists in WPN-XM Serverstack version 0.8.6, which stems from the presence of a cross-site scripting vulnerability that could allow a remote attacker to send a...
CVE-2022-35950
CVE-2022-35950 affects OroCommerce. In 4.1.0–4.1.13, 4.2.0–4.2.10, 5.0.0–5.0.10, and 5.1.0–5.1.0 (up to 5.1.1), a JavaScript payload added to the product name may execute at the storefront when a user adds a note to a shopping-list line item containing a vulnerable product. An attacker who can ed...
CVE-2023-4493
Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the usersadmin.ghp file that affects multiple parameters such as firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip. This vulnerability allows a...
Cross site scripting
Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the usersadmin.ghp file that affects multiple parameters such as firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip. This vulnerability allows a...