CVE-2023-23772
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...
CVE-2023-6181
An oversight in BCB handling of reboot reason that allows for persistent code execution...
Malicious code in com.unity.multiplayer.tools (npm)
Source: ghsa-malware (2c13b40d85fcab5bdfc69f73e935783405ed1d0304f221df3da1726462e86953). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-24957
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...
CVE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...
CVE-2022-40435
Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via adding new entries under the Departments and Designations module...
CVE-2022-39869
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVEPERSISTENTBANNER broadcast...
CVE-2022-36637
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brandname parameter at /brand.php...
CVE-2022-1075
A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=savecontact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched...
CVE-2021-43991
The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability, also known as Stored or Second-Order XSS. Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous...
CVE-2021-30109
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module...
CVE-2021-38756
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php...
CVE-2021-42119
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then...
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/eventsmanager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the sit...
CVE-2021-39866
A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens...
CVE-2021-3166
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3805 devices. An attacker can upload arbitrary file content as a firmware update when the filename SettingsDSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update,...
CVE-2021-22499
Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack...
CVE-2021-40678
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batchmanager=unit...
CVE-2021-32793
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blocklists or allowlists is vulnerable to a stored cross-site-scripting vulnerability. User input added ...
CVE-2020-25833
Persistent Cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all versions prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack...