2167 matches found

PyPA
added 2023/10/19 10:15 p.m. · 6 views

PYSEC-2023-229

ArchiveBox is an open source self-hosted web archiving system. Any users who are using the wget extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to...

6.4 CVSS · 6.5 AI score · 0.02006 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2023/10/19 10:15 p.m. · 10 views

PYSEC-2023-229

ArchiveBox is an open source self-hosted web archiving system. Any users who are using the wget extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to...

5.4 CVSS · 6.8 AI score · 0.02006 EPSS
Exploits 1 · References 2

Vulnrichment
added 2023/10/19 9:05 p.m. · 15 views

CVE-2023-45815 Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admin's context in ArchiveBox

ArchiveBox is an open source self-hosted web archiving system. Any users who are using the wget extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to...

6.4 CVSS · 6.5 AI score · 0.02006 EPSS
Exploits 1 · References 2

Cvelist
added 2023/10/19 12:00 a.m. · 11 views

CVE-2023-45279

Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...

5.5 AI score · 0.00208 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/10/19 12:00 a.m. · 3 views

PT-2023-29705 · Unknown +1 · Archivebox +1

Name of the Vulnerable Software and Affected Versions: ArchiveBox (affected versions not specified)
Description: The issue affects users of the wget extractor who view the content it outputs. If a user is logged in to the ArchiveBox admin site in the same browser session and views an archived...

7.4 CVSS · 5.4 AI score · 0.02006 EPSS
Exploits 1 · References 18

CNNVD
added 2023/10/19 12:00 a.m. · 1 view

Yamcs Cross-Site Scripting Vulnerability

Yamcs is an open source software framework from Yamcs Open Source. It is used to command and control spacecraft, satellites, payloads, ground stations and ground equipment. A security vulnerability exists in Yamcs version 5.8.6, which stems from the fact that it is possible to upload a display...

5.4 CVSS · 7 AI score · 0.00208 EPSS
Exploits 1 · References 3

OSV
added 2023/10/16 8:15 p.m. · 2 views

CVE-2023-5087

The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

Vulnrichment
added 2023/10/16 7:38 p.m. · 6 views

CVE-2023-5087 PageLayer < 1.7.8 - Author+ Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code...

6.7 AI score · 0.00241 EPSS
Exploits 2 · References 1

Veracode
added 2023/10/10 6:56 a.m. · 12 views

Cross Site Scripting (XSS)

ConcreteCMS is vulnerable to Cross Site Scripting. The vulnerability is due to injecting a crafted script into the Forms of the Data objects. The attacker can exploit this vulnerability by injecting malicious JavaScript on the client side...

5.4 CVSS · 7 AI score · 0.00298 EPSS
Exploits 1 · References 4 · Affected Software 1

Veracode
added 2023/10/08 11:24 p.m. · 19 views

Cross-site Scripting (XSS)

gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of input validation in the library, which allows an attacker to inject and execute malicious JavaScript through a maliciously crafted URL in the WebIDE beta...

5.4 CVSS · 6.5 AI score · 0.52173 EPSS
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2023/10/06 6:35 a.m. · 20 views

Cross Site Scripting

HtmlSanitizer is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization when svg and math HTML tags are in the list of allowed elements. An attacker can exploit this vulnerability by injecting malicious JavaScript using svg and math HTML tags...

6.1 CVSS · 7.1 AI score · 0.00161 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2023/10/03 4:15 p.m. · 20 views

CVE-2023-4564

This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...

4.8 CVSS · 4.6 AI score · 0.0005 EPSS
Exploits 0 · References 3

Prion
added 2023/10/03 4:15 p.m. · 16 views

Design/Logic Flaw

This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...

4.3 CVSS · 5 AI score · 0.0005 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/10/03 3:22 p.m. · 12 views

CVE-2023-4564 Multiple vulnerabilities in Canopsis of Capensis

This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...

4.7 CVSS · 5.2 AI score · 0.0005 EPSS
Exploits 0 · References 3

OSV
added 2023/10/03 2:04 p.m. · 0 views

USN-6406-1 mozjs102 vulnerabilities

Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service...

5.3 CVSS · 6.9 AI score · 0.00229 EPSS
Exploits 0 · References 2

OSV
added 2023/10/03 1:15 p.m. · 2 views

CVE-2023-32671

A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious JavaScript payload via POST request when sending an invitation...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

Veracode
added 2023/10/03 6:47 a.m. · 13 views

Cross Site Scripting

thorsten/phpmyfaq is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization of data. This can be exploited by an attacker to inject malicious JavaScript into the web application...

6.1 CVSS · 6.8 AI score · 0.00544 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/10/03 12:00 a.m. · 3 views

PT-2023-24024 · Nxlog · Nxlog Manager

Name of the Vulnerable Software and Affected Versions: NXLog Manager version 5.6.5633
Description: A Cross-Site Scripting (XSS) issue allows an attacker to inject malicious JavaScript into the Full Name field during user edit, due to improper sanitization of the input parameter. This enables the...

6.1 CVSS · 6 AI score · 0.00118 EPSS
Exploits 0 · References 5

CNNVD
added 2023/10/03 12:00 a.m. · 2 views

Canopsis Cross-Site Scripting Vulnerability

Canopsis is an open source hypervisor solution from Canopsis, Inc. A cross-site scripting vulnerability exists in Canopsis version 23.04-alpha3, which stems from a vulnerability that allows an attacker to store malicious JavaScript payloads in the login footer and login page description parameters...

4.8 CVSS · 6.1 AI score · 0.0005 EPSS
Exploits 0 · References 2

Prion
added 2023/09/27 3:18 p.m. · 14 views

Cross site scripting

In WSFTP Server versions prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WSFTP Server's Management module. An attacker with administrative privileges could import an SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site...

4.3 CVSS · 6 AI score · 0.00021 EPSS
Exploits 0 · References 2 · Affected Software 1