320 matches found

OSV
added 2022/11/30 12:15 p.m. · 1 views

CVE-2022-4233

A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argument First Name/Last Name leads to cross site scripting. T...

CVSS 6.1 · AI score 3.8 · EPSS 0.00335
Exploits: 0 · References: 1
Positive Technologies
added 2022/11/02 12:0 a.m. · 5 views

PT-2022-9010 · Tribal Systems · Zenario Cms

Name of the Vulnerable Software and Affected Versions: Tribal Systems Zenario CMS versions prior to 8.5.51340 Description: A vulnerability has been found in the Error Log Module of the Tribal Systems Zenario CMS, specifically in the file admin organizer.js. This issue leads to cross-site scriptin...

CVSS 6.1 · AI score 5.9 · EPSS 0.00395
Exploits: 0 · References: 7
OSV
added 2022/10/15 10:15 a.m. · 1 views

CVE-2022-3518

A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to...

CVSS 4.8 · AI score 3.9 · EPSS 0.00521
Exploits: 0 · References: 2
OSV
added 2022/10/11 6:15 p.m. · 2 views

CVE-2022-3452

A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument categoryname leads to cross site scripting. The attack can be initiated remotely...

CVSS 5.4 · AI score 3.9 · EPSS 0.00389
Exploits: 0 · References: 1
BDU FSTEC
added 2022/09/21 12:0 a.m. · 3 views

The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform allows attackers to perform cross-site scripting attacks.

The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.4 · AI score 6.3 · EPSS 0.08027
Exploits: 0 · References: 9 · Affected Software: 2
OSV
added 2022/08/05 9:15 p.m. · 2 views

CVE-2022-2684

A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input alert1 leads to cross site scripting...

CVSS 5.4 · AI score 3.8 · EPSS 0.00525
Exploits: 1 · References: 2
BDU FSTEC
added 2022/07/22 12:0 a.m. · 5 views

The vulnerability of the microprogramming software of Cisco Catalyst 2940 allows an attacker to carry out XSS attacks.

The vulnerability of Cisco Catalyst 2940 microprogramming software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVSS 6.1 · AI score 5.9 · EPSS 0.00515
Exploits: 0 · References: 4
CNNVD
added 2022/07/12 12:0 a.m. · 1 views

Patient Management System Security Vulnerability

Clinics Patient Management System is a patient management system for clinics by Carlo Montero, an individual developer. A security vulnerability exists in Patient Management System version 2.0, which stems from an unrestricted upload due to the parameter profilepicture, and can be exploited by an...

CVSS 8.8 · AI score 8.5 · EPSS 0.02598
Exploits: 4 · References: 3
CNNVD
added 2022/06/12 12:0 a.m. · 2 views

Nystudio107 Seomatic Cross-Site Scripting Vulnerability

Nystudio107 Seomatic is a comprehensive, powerful and flexible turnkey SEO system in the USA. Facilitates modern SEO best practices and implementation of Craft CMS 3. A security vulnerability exists in Nystudio107 Seomatic version 3.4.10, which can be exploited by a remote attacker to inject...

CVSS 6.1 · AI score 6.5 · EPSS 0.01005
Exploits: 0 · References: 4
Positive Technologies
added 2022/06/12 12:0 a.m. · 5 views

PT-2022-8046 · Thomson · Thomson Tcw710

Name of the Vulnerable Software and Affected Versions: Thomson TCW710 version ST5D.10.05 Description: A problematic issue has been found in the processing of the file /goform/wlanPrimaryNetwork. The manipulation of the ServiceSetIdentifier argument with the input alert1 as part of a POST Request...

CVSS 5.4 · AI score 4.2 · EPSS 0.00686
Exploits: 1 · References: 5
BDU FSTEC
added 2021/12/03 12:0 a.m. · 2 views

The vulnerability of the Web interface and API of the Cisco Application Policy Infrastructure Controller allows attackers to execute cross-site scripting attacks.

The vulnerability of the Cisco Application Policy Infrastructure Controller’s web interface and API exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

CVSS 5.4 · AI score 5.6 · EPSS 0.00599
Exploits: 0 · References: 2
OSV
added 2021/07/30 2:15 p.m. · 1 views

CVE-2021-20787

Cross-site scripting vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to inject...

CVSS 4.8 · AI score 6.1 · EPSS 0.0064
Exploits: 0 · References: 2
BDU FSTEC
added 2021/06/18 12:0 a.m. · 2 views

The vulnerability of the DSGVO plugin for WordPress content management systems allows attackers to perform cross-site scripting attacks.

The vulnerability of the DSGVO plugin for WordPress content management systems involves the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks XSS...

CVSS 6.4 · AI score 6.1 · EPSS 0.01186
Exploits: 2 · References: 3 · Affected Software: 1
OSV
added 2021/05/25 2:15 p.m. · 2 views

CVE-2021-29201

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4; HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 iLO 5 for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H versions: Pri...

CVSS 4.8 · AI score 5.9 · EPSS 0.0069
Exploits: 0 · References: 1
OSV
added 2021/04/29 12:15 p.m. · 2 views

CVE-2021-29146

A remote cross-site scripting XSS vulnerability was discovered in Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability...

CVSS 5.4 · AI score 6 · EPSS 0.00468
Exploits: 0 · References: 1
BDU FSTEC
added 2021/01/20 12:0 a.m. · 3 views

The vulnerability of the Mozilla Firefox browser, related to the lack of protection for service data, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Mozilla Firefox browser is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 5.3 · AI score 6.6 · EPSS 0.01276
Exploits: 1 · References: 7 · Affected Software: 3
NCSC
added 2020/10/13 12:0 a.m. · 3 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. The vulnerability in Microsoft Dynamics with the attribute CVE-2020-16943 allows a malicious person to access sensitive data. The vulnerabilities with the attributes CVE-2020-16956 and CVE-2020-16978 enable a remote maliciou...

CVSS 6.5 · AI score 6.6 · EPSS 0.01326
Exploits: 0
BDU FSTEC
added 2020/09/22 12:0 a.m. · 2 views

The vulnerability of the IBM Business Process Manager system and the IBM Business Automation Workflow software lies in the lack of measures taken to protect the website structure. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the IBM Business Process Manager system and the IBM Business Automation Workflow software relates to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 5.5 · AI score 6 · EPSS 0.00561
Exploits: 0 · References: 4 · Affected Software: 2
OSV
added 2020/08/29 8:15 p.m. · 1 views

CVE-2020-24897

The Table Filter and Charts for Confluence Server app before 5.3.25 for Atlassian Confluence allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting XSS through the provided Markdown markup to the "Table from CSV" macro...

CVSS 8.9 · AI score 5.4
Exploits: 0 · References: 1
BDU FSTEC
added 2020/08/28 12:0 a.m. · 5 views

The vulnerability of Microsoft SharePoint Server, SharePoint Enterprise Server, and Microsoft SharePoint Foundation software for electronic document management exists due to the lack of measures taken to protect the website structure. This vulnerability allows attackers to execute cross-site scripting attacks.

The vulnerability of Microsoft SharePoint Server, SharePoint Enterprise Server, and Microsoft SharePoint Foundation software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

CVSS 5.5 · AI score 6.3 · EPSS 0.01882
Exploits: 0 · References: 3