415 matches found
PT-2023-19816 · Unknown · Sunnet Ctms
Name of the Vulnerable Software and Affected Versions: SUNNET CTMS affected versions not specified Description: The issue is related to a path traversal vulnerability within the file uploading function of SUNNET CTMS. This allows an authenticated remote attacker with general user privileges to...
PT-2023-3048 · Dassault Systèmes · Delmia Apriso
Name of the Vulnerable Software and Affected Versions: DELMIA Apriso versions Release 2017 through Release 2022 Description: The issue is related to a reflected Cross-site Scripting XSS vulnerability. This vulnerability can be exploited by a remote attacker to execute arbitrary script code,...
PT-2023-21172 · Sap · Sap Diagnostic Agent
Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720 Description: The EventLogServiceCollector of SAP Diagnostics Agent is affected by missing authentication and input sanitization of code, allowing an attacker to execute malicious scripts on all connected...
PT-2023-2115 · Aruba · Clearpass Policy Manager
Name of the Vulnerable Software and Affected Versions: ClearPass Policy Manager affected versions not specified Description: The issue concerns a reflected cross-site scripting XSS attack within the web-based management interface of ClearPass Policy Manager. This could allow a remote attacker to...
SUSE CVE-2002-1700
Cross-site scripting vulnerability XSS in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message...
SUSE CVE-2005-1156
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."...
SUSE CVE-2008-0415
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting XSS attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation...
SUSE CVE-2008-5022
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...
SUSE CVE-2011-1696
Cross-site scripting XSS vulnerability in Novell Identity Manager aka IDM User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the...
bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting...
PT-2022-6001 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier Description: The issue is related to a reflected Cross-Site Scripting XSS vulnerability. It can be exploited if an attacker convinces a victim to visit a URL referencing a vulnerable page,...
CVE-2022-44946
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...
CVE-2022-37346
EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative...
CVE-2020-19914
Cross Site Scripting XSS in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function...
CVE-2022-30571
The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting XSS vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's...
CVE-2022-27627
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser...
WordPress plugin WP Statistics 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Statistics plugin is vulnerable to a cross-site scripting vulnerability, which stems fro...
CVE-2022-22777
The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting XSS vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the...
PT-2022-15664 · Tibco · Tibco Jasperreports Server +5
Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions 8.0.1 and below TIBCO JasperReports Server - Community Edition versions 8.0.1 and below TIBCO JasperReports Server - Developer Edition versions 8.0.0 and below TIBCO JasperReports Server for AWS Marketplace...
WordPress和WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...