320 matches found

Positive Technologies
added 2023/03/23 12:0 a.m. · 4 views

PT-2023-17118 · Rebuild · Rebuild

Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.2.3
Description: A vulnerability has been found in Rebuild, affecting unknown code of the file /feeds/post/publish, leading to cross site scripting. The attack can be initiated remotely.
Recommendations: For Rebuild...

CVSS 6.1 · AI score 4.4 · EPSS 0.00523
Exploits 0 · References 6

OSV
added 2023/03/08 6:15 p.m. · 21 views

CVE-2023-1275

A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross...

CVSS 6.1 · AI score 3.8 · EPSS 0.00557
Exploits 1 · References 3

Positive Technologies
added 2023/03/06 12:0 a.m. · 2 views

PT-2023-10274 · WordPress · Woo-Popup

Name of the Vulnerable Software and Affected Versions: woo-popup Plugin versions up to 1.2.2
Description: A problematic vulnerability has been found in the woo-popup Plugin on WordPress, affecting an unknown part of the file admin/class-woo-popup-admin.php. This issue leads to cross-site scriptin...

CVSS 6.1 · AI score 4.2 · EPSS 0.00607
Exploits 0 · References 6

OSV
added 2023/02/21 9:15 p.m. · 2 views

CVE-2023-0945

A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input " leads to cross site scripting. It is possible to launch...

CVSS 5.4 · AI score 4.1
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 6:1 a.m. · 3 views

SUSE CVE-2009-4976

Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536...

CVSS 4.3 · AI score 6 · EPSS 0.0105
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:43 a.m. · 4 views

SUSE CVE-2012-5837

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...

CVSS 6.8 · AI score 8 · EPSS 0.02261
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 5:34 a.m. · 4 views

SUSE CVE-2013-5784

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING...

CVSS 4.3 · AI score 6.4 · EPSS 0.0364
Exploits 0 · References 11

SUSE CVE
added 2023/02/15 5:20 a.m. · 2 views

SUSE CVE-2015-2941

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...

CVSS 4.3 · AI score 5.7 · EPSS 0.02111
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 5:14 a.m. · 2 views

SUSE CVE-2015-7187

The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension...

CVSS 4.3 · AI score 6 · EPSS 0.01889
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 5:5 a.m. · 3 views

SUSE CVE-2016-2833

Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet...

CVSS 6.1 · AI score 5.8 · EPSS 0.01372
Exploits 0 · References 7

CNNVD
added 2023/01/13 12:0 a.m. · 2 views

ServiceNow San Diego Patch and Rome Patch cross-site scripting vulnerability

ServiceNow San Diego Patch and ServiceNow Rome Patch are both products of ServiceNow, Inc. ServiceNow San Diego Patch is a series of patches. ServiceNow Rome Patch is an application patch. ServiceNow San Diego Patch and Rome Patch have a security vulnerability that stems from the presence of...

CVSS 5.4 · AI score 5.7 · EPSS 0.00439
Exploits 0 · References 2

Positive Technologies
added 2023/01/08 12:0 a.m. · 4 views

PT-2023-15895 · Unknown · Capsadmin Pac3

Name of the Vulnerable Software and Affected Versions: CapsAdmin PAC3 affected versions not specified
Description: A problematic issue was found in CapsAdmin PAC3, affecting some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the url argument leads to...

CVSS 5.4 · AI score 4.8 · EPSS 0.00566
Exploits 0 · References 10

Positive Technologies
added 2023/01/07 12:0 a.m. · 2 views

PT-2023-11814 · Unknown · Jamesmartin Inline Svg

Name of the Vulnerable Software and Affected Versions: jamesmartin Inline SVG versions up to 1.7.1
Description: A vulnerability has been found in the component URL Parameter Handler, specifically in the file lib/inline svg/action view/helpers.rb. The manipulation of the argument filename leads to...

CVSS 6.1 · AI score 4.2 · EPSS 0.00669
Exploits 0 · References 13

OSV
added 2022/12/18 11:15 a.m. · 3 views

CVE-2022-4601

A vulnerability was found in Shoplazza LifeStyle 1.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/api/theme-edit/ of the component Shipping/Member Discount/Icon. The manipulation leads to cross site scripting. The attack can be initiated remotel...

CVSS 5.4 · AI score 3.7 · EPSS 0.00503
Exploits 0 · References 3

Positive Technologies
added 2022/12/18 12:0 a.m. · 4 views

PT-2022-27705 · Unknown · Shoplazza Lifestyle

Name of the Vulnerable Software and Affected Versions: Shoplazza LifeStyle version 1.1
Description: A problematic issue was found in the Create Product Handler component, affecting an unknown function of the file /admin/api/admin/v2 products. This issue leads to cross-site scripting and can be...

CVSS 5.4 · AI score 5.3 · EPSS 0.00581
Exploits 1 · References 5

ATTACKERKB
added 2022/12/15 9:15 p.m. · 2 views

CVE-2022-4525

A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0.r...

CVSS 6.1 · AI score 3.6 · EPSS 0.00529
Exploits 0 · References 4 · Affected Software 1

ATTACKERKB
added 2022/12/15 9:15 p.m. · 2 views

CVE-2022-4523

A vulnerability, which was classified as problematic, has been found in vexim2. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 21c0a60d12e9d587f905cd084b2c70f9b1592065. It is recommended to...

CVSS 6.1 · AI score 3.6 · EPSS 0.0051
Exploits 0 · References 4

Positive Technologies
added 2022/12/15 12:0 a.m. · 3 views

PT-2022-27435 · Wso2 · Wso2 Carbon-Registry

Name of the Vulnerable Software and Affected Versions: WSO2 carbon-registry versions up to 4.8.6
Description: A vulnerability has been found in WSO2 carbon-registry, affecting an unknown part of the component Request Parameter Handler. The manipulation of the argument...

CVSS 6.1 · AI score 4.3 · EPSS 0.00568
Exploits 0 · References 11

ATTACKERKB
added 2022/12/08 10:15 a.m. · 3 views

CVE-2022-4353

A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be use...

CVSS 5.4 · AI score 3.5 · EPSS 0.00356
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2022/12/08 12:0 a.m. · 3 views

pb-cms security vulnerability

pb-cms is a content management system by LinZhaoguan, an individual developer. A security vulnerability exists in pb-cms version 2.0, which stems from its IpUtil.getIpAddr function and allows attackers to carry out cross-site scripting. The attack method has been made public and can be initiated...

CVSS 5.4 · AI score 4.7 · EPSS 0.00356
Exploits 1 · References 3