Cross site scripting

HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application...

CVE-2023-28014 HCL BigFix Mobile can be affected by a cross-site scripting (XSS) vulnerability

HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application...

PT-2023-19243 · Steven Henty · Drop Shadow Boxes

Name of the Vulnerable Software and Affected Versions: Steven Henty Drop Shadow Boxes plugin versions 1.7.10 and earlier Description: The issue is related to an Authenticated Cross-Site Scripting XSS vulnerability. This means that an attacker with contributor or higher privileges can inject...

CVE-2023-29455

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...

CVE-2023-29457

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...

CVE-2023-29455

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...

CVE-2023-29457

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...

CVE-2023-29457

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...

CVE-2023-29457 Insufficient validation of Action form input fields

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...

CVE-2023-29455

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...

CVE-2023-29455

CVE-2023-29455 describes a reflected (non-persistent) XSS in Zabbix frontend, triggered by passing malicious code as a GET parameter to graph.php. The connected Debian advisory confirms this CVE is among multiple Zabbix flaws and provides remediation: on Debian 11 (bullseye) upgrade to 1:5.0.44+d...

Task Reminder System 跨站脚本漏洞

Task Reminder System is a task reminder system by Carlo Montero Personal Developer. A security vulnerability exists in version 1.0 of the Sourcecodester Task Reminder System, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that could allow an authenticated use...

Cross site scripting

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway? in allows and attacker to perform cross site scripting...

PT-2023-12398 · Osnexus · Quantastor

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows an authenticated attacker to create alerts that trigger a stored XSS attack. This means an attacker with authentication credentials can...

Cross site scripting

Keycloak, an open-source identity and access management solution, has a cross-site scripting XSS vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirecturi...

CVE-2022-4361

Keycloak, an open-source identity and access management solution, has a cross-site scripting XSS vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirecturi...

CVE-2022-4361

Keycloak, an open-source identity and access management solution, has a cross-site scripting XSS vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirecturi...

Stored Xss in Question field due to lack of sanitization in Link.php

Description Stored XSS Cross-Site Scripting is a type of web application vulnerability that allows an attacker to inject malicious scripts into a website or web application. Unlike reflected XSS, where the malicious script is embedded in a URL and executed immediately, stored XSS involves the...

Ovarro TBox RTUs 安全漏洞

Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. The Ovarro TBox RTUs suffers from a security vulnerability that originates from running OpenVPN with root privileges and the ability to run user-defined configuration scripts, which allows an attacker to...

PT-2023-25630 · Tbox Rtus +1 · Tbox Rtus +1

Name of the Vulnerable Software and Affected Versions: TBox RTUs affected versions not specified Description: The issue concerns TBox RTUs that run OpenVPN with root privileges and are capable of executing user-defined configuration scripts. An attacker can set up a local OpenVPN server and push ...