9 matches found
CVE-2023-45471
The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute...
CVE-2023-45471
The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute...
Cross site scripting
The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute...
PT-2023-29561 · Qad · Qad Search Server
Name of the Vulnerable Software and Affected Versions: QAD Search Server versions up to, and including, 1.0.0.315
Description: The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient checks on indexes. This allows unauthenticated attackers to create a new index...
Cross-site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting (XSS) attacks. The library doesn't properly escape the user-supplied displayname value in the loadDataGrid function in Index.php, allowing a malicious user to inject and execute malicious web script...
Man-in-the-Middle (MitM)
firefox/thunderbird is vulnerable to man-in-the-middle attacks. The address bar can be spoofed by operating a proxy server that provides a 407 HTTP status code accompanied by a malicious web script...
Remote Code Execution (RCE)
Mozilla Firefox and Thunderbird are vulnerable to remote code execution. A use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function allows a remote attacker to execute arbitrary code on a victim's system using a malicious web script. The code is executed when the victim...
Cross site scripting
The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script into the logs page of Admin Control Center (ACC), resulting in a cross-site scripting (XSS) vulnerability...
CVE-2003-0624
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter...