33 matches found
EUVD-2015-9417
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the locationname parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the locationname field to execute arbitrary code...
CVE-2015-20118
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the locationname parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the locationname field to execute arbitrary code...
RealtyScript 跨站脚本漏洞
RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the locationname parameter, which may allow attackers to inject JavaScript payload...
CVE-2015-20118
CVE-2015-20118: RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name parameter of the admin locations interface. Attackers can submit JavaScript payloads to the locations.php endpoint, enabling arbitrary code execution in administrator browsers. Public refe...
CVE-2015-20118 RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the locationname parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the locationname field to execute arbitrary code...
CVE-2026-29176 Craft Commerce has Stored XSS in Inventory Location Name
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...
Craft Commerce has stored XSS in Inventory Location Name
Summary A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...
PT-2026-24640
Summary A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...
CVE-2019-16958
Cross-site Scripting XSS vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name...
CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field...
EUVD-2019-7438
Malware in sbrugna...
EUVD-2017-9042
Malware in sbrugna...
EUVD-2016-9481
Malware in sbrugna...
SolarWinds Web Help Desk Cross-Site Scripting Vulnerability (CNVD-2021-01529)
SolarWinds Web Help Desk is a web-based help desk work order and IT asset management software. A cross-site scripting vulnerability exists in SolarWinds Web Help Desk 12.7.0. The vulnerability can be exploited to conduct a cross-site scripting attack via a CSV template file with a specially craft...
CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field...
CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field...
Design/Logic Flaw
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field...
CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 is affected by a cross-site scripting (XSS) vulnerability that can be triggered via a crafted CSV template file, using a manipulated Location Name field. The connected Red Hat and CNVD entries corroborate the vulnerability description and refer to the same CVE-2019...
CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field...
Solarwinds WebHelpDesk 跨站脚本漏洞
SolarWinds Web Help Desk is a web-based help desk work order and IT asset management software. A cross-site scripting vulnerability exists in SolarWinds Web Help Desk 12.7.0. The vulnerability can be exploited to conduct a cross-site scripting attack via a CSV template file with a specially craft...