CVE-2023-41103

Interact 7.9.79.5 allows stored Cross-site Scripting XSS attacks in several locations, allowing an attacker to store a JavaScript payload...

CVE-2023-41103

Interact 7.9.79.5 allows stored Cross-site Scripting XSS attacks in several locations, allowing an attacker to store a JavaScript payload...

Interact Cross-Site Scripting Vulnerability

Interact is a telecommuting software from Interact. A security vulnerability exists in Interact version 7.9.79.5. An attacker could exploit the vulnerability to store a JavaScript payload to perform a cross-site scripting attack...

CVE-2023-41103

Interact 7.9.79.5 allows stored Cross-site Scripting XSS attacks in several locations, allowing an attacker to store a JavaScript payload...

PT-2023-29616 · Capensis +1 · Canopsis

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel. Recommendations: A...

PT-2023-23545 · Capensis +1 · Canopsis

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the...

CVE-2023-34412

CVE-2023-34412 affects Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200/250 devices with firmware

Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks

An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called...

CVE-2020-27449

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

Cross site scripting

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

CVE-2020-27449

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

CVE-2020-27449

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

CVE-2020-27449

CVE-2020-27449 affects Zoho ManageEngine Password Manager Pro (version 11.0.0.1, Query Report feature). The issue is a Cross-Site Scripting (XSS) vulnerability stemming from insufficient input filtering/escaping in the Query Report function that could allow remote attackers to execute arbitrary w...

Bubble Menu < 3.0.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC 1. Click on the "Add new" tab...

Bubble Menu < 3.0.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Click on the "Add new" tab. 2...

GHSA-7J6X-42MM-P7JM Zinc Cross-site Scripting vulnerability

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’...

Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Steps to Reproduce: 1. Open Chaty Plugin Dashboard...

CVE-2023-0010

A reflected cross-site scripting XSS vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link...

Cross site scripting

A reflected cross-site scripting XSS vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link...

CVE-2023-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

A reflected cross-site scripting XSS vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link...