25 matches found
CVE-2024-32345
CMSimple v5.15 is affected by a cross-site scripting (XSS) vulnerability in the Settings menu, specifically via the Configuration parameter under Language. The underlying issue is insufficient filtering/escaping of user-supplied data in that parameter, enabling attackers to inject arbitrary web s...
CVE-2024-32344
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...
CVE-2024-32344
CMSimple v5.15 is affected by an XSS in the Settings menu, via crafted input in the Language section Edit parameter. The vulnerability arises from insufficient filtering/escaping of user-supplied data in that parameter, enabling arbitrary script/HTML execution. In-the-wild details are not provide...
CVE-2018-9182
Twonky Server before 8.5.1 is affected by a cross‑site scripting (XSS) vulnerability exposed via a modified "language" parameter in the Language section. The issue stems from improper handling of the language parameter, enabling XSS payloads. Impact is consistent with XSS (partial integrity impac...
CVE-2018-9182
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section...