890 matches found
CVE-2023-4493 Easy Address Book Web Server Stored XSS vulnerability
Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the usersadmin.ghp file that affects multiple parameters such as firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip. This vulnerability allows a...
CVE-2023-4492 Easy Address Book Web Server XSS vulnerability
Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to...
CVE-2023-4564
This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...
Design/Logic Flaw
This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel...
CVE-2023-4564
CVE-2023-4564 affects Canopsis (Capensis) with a stored cross-site scripting (XSS) flaw in the admin panel that allows an attacker to store a malicious JavaScript payload via the broadcast message parameter. The Red Hat, NVD, OSV, and related records consistently describe a stored XSS in the broa...
CVE-2023-4564 Multiple vulnerabilities in Canopsis of Capensis
This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...
CVE-2023-3196 Multiple vulnerabilities in Canopsis of Capensis
This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel...
CVE-2023-32671
A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious JavaScript payload via POST request when sending an invitation...
CVE-2023-32790
Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter...
CVE-2023-32670
Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "name=image.jpg" parameter, allowing them to assign a persistent JavaScript payload that would be triggered when the associated image is...
Cross site scripting
Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "name=image.jpg" parameter, allowing them to assign a persistent JavaScript payload that would be triggered when the associated image is...
Cross site scripting
Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter...
CVE-2023-32671
The CVE-2023-32671 entry describes a stored XSS vulnerability in BuddyBoss Platform (version 2.2.9). The flaw allows an attacker to store a malicious JavaScript payload via a POST request when sending an invitation. Public documents confirm this as a stored XSS issue affecting BuddyBoss Platform ...
CVE-2023-32671 BuddyBoss XSS vulnerability
A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious JavaScript payload via POST request when sending an invitation...
CVE-2023-32670 BuddyBoss XSS vulnerability
Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "name=image.jpg" parameter, allowing them to assign a persistent JavaScript payload that would be triggered when the associated image is...
TikTok: Reflected XSS On [https://www-useast1a.tiktok.com/ug/incentive/share/hd]
A reflected cross-site scripting vulnerability was found in a TikTok endpoint. User-supplied data was reflected without appropriate escaping, allowing JavaScript injection...