
2167 matches found

Veracode
added 2023/12/05 1:49 p.m. | 56 views

Cross-site Scripting (XSS)

vite is vulnerable to Cross-Site Scripting. This vulnerability exists because it does not properly sanitize inline scripts in the server.transformIndexHtml function, allowing an attacker to inject and execute malicious JavaScript into the browser. This vulnerability is only exploitable if the...

CVSS 6.1 | AI score 6.7 | EPSS 0.07321
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2023/11/30 12:00 a.m. | 2 views

mailcow dockerized cross-site scripting vulnerability

mailcow is a mail server suite. A cross-site scripting (XSS) vulnerability exists in the Quarantine UI of mailcow dockerized, which can be exploited by an attacker to send a crafted email containing malicious JavaScript code...

CVSS 8.3 | AI score 5.8 | EPSS 0.00427
Exploits: 0 | References: 2

Veracode
added 2023/11/28 7:51 a.m. | 14 views

Cross-site Scripting (XSS)

com.liferay.portal is vulnerable to Cross-Site Scripting. The vulnerability exists due to a lack of user input validation in the plbackurltitle parameter, which allows an attacker to inject and execute malicious JavaScript...

CVSS 9.6 | AI score 7 | EPSS 0.00147
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2023/11/28 12:15 a.m. | 13 views

Cross site scripting

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious JavaScript...

CVSS 4.9 | AI score 5.9 | EPSS 0.00126
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2023/11/23 12:00 a.m. | 1 views

BVRP Software Avanquest Software SLmail Cross-Site Scripting Vulnerability

BVRP Software SLmail is an email server solution from BVRP Software, France. A cross-site scripting vulnerability exists in BVRP Software Avanquest Software SLmail version 5.5.0.4433. An attacker exploits the vulnerability to store a malicious JavaScript lo...

CVSS 6.1 | AI score 6.2 | EPSS 0.00078
Exploits: 0 | References: 2

NVD
added 2023/11/22 4:15 p.m. | 11 views

CVE-2023-2438

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userprosaveuserdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

CVSS 6.1 | EPSS 0.00183
Exploits: 0 | References: 2

Github Security Blog
added 2023/11/17 9:51 p.m. | 19 views

LibreNMS Cross-site Scripting at Device groups Deletion feature

Summary: XSS attacks occur when an application is not sanitising inputs properly and renders the code from user input to the browser, which could allow an attacker to execute malicious JavaScript code. PoC: 1. Login 2. Create a device group in /device-groups 3. Name it as " 4. Save it 5. Go to services...

CVSS 6.3 | AI score 6.2 | EPSS 0.00223
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2023/11/16 2:15 p.m. | 14 views

Cross site scripting

A Cross-Site Scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious JavaScript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information...

CVSS 5.8 | AI score 6.7 | EPSS 0.2231
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/11/16 2:08 p.m. | 10 views

CVE-2023-4771 Cross-Site Scripting vulnerability in CKSource CKEditor

A Cross-Site Scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious JavaScript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information...

CVSS 6.1 | AI score 6.5 | EPSS 0.2231
Exploits: 1 | References: 1

OSV
added 2023/11/08 5:52 p.m. | 33 views

GHSA-3VPF-MCJ7-5H38 Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages

Impact: The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then be retrieved from connected systems and data stores before being...

CVSS 4.3 | AI score 5.5 | EPSS 0.00208
Exploits: 0 | References: 5

Prion
added 2023/11/07 11:15 a.m. | 11 views

Cross site request forgery (csrf)

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmapsaveareatitle' function. This makes it possible for unauthenticated attackers to update the post title and...

CVSS 4.3 | AI score 6.5 | EPSS 0.00173
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2023/11/03 5:43 a.m. | 19 views

Cross-site Scripting (XSS)

phpbb/phpbb is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the main function in acpicons.php does not adequately escape the smilies URL and does not prevent the use of a .pak filename, allowing an attacker to inject and execute malicious JavaScript...

CVSS 6.1 | AI score 6.7 | EPSS 0.00095
Exploits: 0 | References: 7 | Affected Software: 1

ATTACKERKB
added 2023/11/02 1:15 p.m. | 3 views

CVE-2023-46475

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code...

CVSS 5.4 | AI score 5.8 | EPSS 0.00084
Exploits: 1 | References: 4

NVD
added 2023/11/02 1:15 p.m. | 11 views

CVE-2023-46475

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code...

CVSS 5.4 | AI score 5.3 | EPSS 0.00084
Exploits: 1 | References: 2

Veracode
added 2023/10/27 6:04 a.m. | 10 views

Cross-site Scripting (XSS)

baserproject/basercms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the favorite feature of form.php because it fails to properly escape malicious characters before rendering. This allows an attacker to inject and execute malicious JavaScript in the web browser when accessing th...

CVSS 6.1 | AI score 6.7 | EPSS 0.0055
Exploits: 0 | References: 5 | Affected Software: 1

CISA KEV Catalog
added 2023/10/26 12:00 a.m. | 137 views

Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code...

CVSS 6.1 | AI score 5.1 | EPSS 0.83235
In wild | Exploits: 2

VulnCheck KEV
added 2023/10/25 12:00 a.m. | 1 views

VulnCheck KEV: CVE-2023-5631

Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code...

CVSS 6.1 | AI score 6.2 | EPSS 0.83235
Exploits: 2 | References: 1

Veracode
added 2023/10/24 2:49 a.m. | 12 views

Cross-site Scripting (XSS)

modoboa is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the profile page due to improper input sanitization when switching languages, which allows an attacker to inject malicious JavaScript...

CVSS 5.4 | AI score 6.6 | EPSS 0.00141
Exploits: 1 | References: 4 | Affected Software: 1

CNVD
added 2023/10/24 12:00 a.m. | 1 views

Small CRM Request a Quote Field Cross-Site Scripting Vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of data provided in the Request a Quote field, which can be exploited by an attacker to store and execute malicious...

CVSS 5.4 | AI score 6.6 | EPSS 0.00643
Exploits: 1 | References: 1

ATTACKERKB
added 2023/10/19 10:15 p.m. | 0 views

CVE-2023-45279

Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...

CVSS 5.4 | AI score 6.1 | EPSS 0.00208
Exploits: 1 | References: 3