CVE-2023-48615 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting XSS via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject...
CVE-2023-4667
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate...
Input validation
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate...
CVE-2023-35139
A cross-site scripting XSS vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50W series firmware versions 5.10 through 5.37, USG20W-VPN series firmware versions 5.10 through 5.37, and VPN...
Cross site scripting
A cross-site scripting XSS vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50W series firmware versions 5.10 through 5.37, USG20W-VPN series firmware versions 5.10 through 5.37, and VPN...
Cross-Site Scripting (XSS)
hoteldruid is vulnerable to Cross-Site Scripting. The vulnerability is due to insufficient validation or sanitization of user inputs in the destinatarioemail1 POST parameter. This allows attackers to inject and execute malicious scripts within the application...
PT-2023-30152 · Unknown · Pac Device
Name of the Vulnerable Software and Affected Versions: PAC Device affected versions not specified Description: The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is...
Cross site request forgery (csrf)
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modify the...
Mutation Cross-Site Scripting (mXSS)
tinymce is vulnerable to mutation cross-site scripting (mXSS). The vulnerability is caused by a lack of sanitization in the handling of text nodes. This could allow an attacker to inject malicious scripts...
insights-client: unsafe handling of temporary files and directories
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local...
CVE-2023-3972
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local...
Design/Logic Flaw
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local...
PT-2023-29041 · Xolo Cms · Xolo Cms
Name of the Vulnerable Software and Affected Versions: Xolo CMS version 0.11 Description: A reflected cross-site scripting XSS issue was discovered. This issue allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control. Recommendations: Fo...
CVE-2023-4821
The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts...
CVE-2023-4819
The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts...
CVE-2023-4819 Shared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting
The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts...
GHSA-3J7W-JP46-9752 Magento Open Source allows Cross-Site Scripting (XSS)
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious...
Cross Site Scripting
Microweber is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to not sanitizing user-provided types and title fields during web page generation. This may lead to an attacker injecting malicious scripts that are executed by the victim's browser by sending a crafted URL that reflec...