4581 matches found

OSV
added 2024/08/28 12:15 p.m. · 2 views

CVE-2024-6449

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

CVSS 6.5 · AI score 5.9 · EPSS 0.0035
Exploits 0 · References 2

NVD
added 2024/08/28 12:15 p.m. · 23 views

CVE-2024-6449

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

CVSS 6.5 · EPSS 0.0035
Exploits 0 · References 2

Positive Technologies
added 2024/08/28 12:0 a.m. · 3 views

PT-2024-37636 · Unknown · Hyperview Geoportal Toolkit

Name of the Vulnerable Software and Affected Versions: HyperView Geoportal Toolkit versions prior to 8.5.0

Description: The issue allows an unauthenticated remote attacker to prepare links that, when opened, will load scripts from a remote location controlled by the attacker and execute them in t...

CVSS 6.5 · AI score 7.7 · EPSS 0.0035
Exploits 0 · References 10

BDU FSTEC
added 2024/08/27 12:0 a.m. · 2 views

The vulnerability of the Calltouch analytics service lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary scripts.

The vulnerability of the Calltouch analytics service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts remotely...

CVSS 7.8 · AI score 5.8
Exploits 0 · Affected Software 1

BDU FSTEC
added 2024/08/19 12:0 a.m. · 3 views

The vulnerability of the sysinfo.cgi script implemented in the Webmin hosting control panel allows a hacker to execute arbitrary scripts.

The vulnerability in the sysinfo.cgi script of the Webmin hosting panel exists because measures are not taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts remotely...

CVSS 5.5 · AI score 7.8 · EPSS 0.00303
Exploits 0 · References 4 · Affected Software 2

Positive Technologies
added 2024/07/24 12:0 a.m. · 4 views

PT-2024-5256 · Ibm · Ibm Security Directory Integrator +1

Name of the Vulnerable Software and Affected Versions:
IBM Security Directory Integrator version 7.2.0
IBM Security Verify Directory Integrator version 10.0.0

Description: The issue is related to stored cross-site scripting in the web interface of the affected software, allowing users to embed...

CVSS 7.1 · AI score 6.7 · EPSS 0.00267
Exploits 0 · References 9

Positive Technologies
added 2024/07/16 12:0 a.m. · 2 views

PT-2024-5672 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS (affected versions not specified)

Description: The issue exists due to inadequate protection of the web page structure, specifically affecting the component id and object id parameters of the landing module in the Netcat CMS system...

CVSS 9 · AI score 7.6
Exploits 0 · References 2

VulnCheck KEV
added 2024/07/16 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2016-4945

Cross-site scripting (XSS) vulnerability in vpn/js/gatewayloginformview.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSCTMAC cookie...

CVSS 6.1 · AI score 5.9 · EPSS 0.01372
Exploits 1 · References 1

CNNVD
added 2024/06/20 12:0 a.m. · 4 views

SilverSky E-mail Cross-Site Scripting Vulnerability

SilverSky E-mail is a mailbox service from the US-based SilverSky, Inc. A cross-site scripting vulnerability exists in SilverSky E-mail version 5.0.3126 that could allow a remote attacker to inject arbitrary web script or HTML via the version parameter...

CVSS 6.1 · AI score 5.8 · EPSS 0.00331
Exploits 0 · References 2

CNNVD
added 2024/06/13 12:0 a.m. · 4 views

Modern Campus Omni CMS Security Vulnerability

Modern Campus Omni CMS is a web content management system from Modern Campus, Inc. It is used by colleges and universities to manage their websites. A security vulnerability exists in Modern Campus Omni CMS version 2023.1, which stems from a Reflected Cross-Site Scripting (XSS) vulnerability in the...

CVSS 6.1 · AI score 5.8 · EPSS 0.00302
Exploits 0 · References 2

CNNVD
added 2024/06/13 12:0 a.m. · 4 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.6 · EPSS 0.00771
Exploits 0 · References 2

Cvelist
added 2024/06/03 7:9 p.m. · 18 views

CVE-2024-34051

A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter...

AI score 5.5 · EPSS 0.11978
Exploits 0 · References 1

OSV
added 2024/05/28 11:7 a.m. · 2 views

USN-6789-1 libreoffice vulnerability

Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into clicking a graphic in a specially crafted document, a remote attacker could possibly run arbitrary script...

CVSS 6.5 · AI score 6.8 · EPSS 0.01008
Exploits 0 · References 2

CNNVD
added 2024/05/24 12:0 a.m. · 2 views

WordPress plugin WP Booking Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.7 · AI score 6 · EPSS 0.0037
Exploits 0 · References 5

OSV
added 2024/05/21 3:15 p.m. · 4 views

CVE-2024-33527

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload...

CVSS 5.4 · AI score 5.5
Exploits 0 · References 2

Cvelist
added 2024/05/21 2:44 p.m. · 26 views

CVE-2024-33528

A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload...

AI score 5.2 · EPSS 0.00478
Exploits 1 · References 2

CNNVD
added 2024/05/14 12:0 a.m. · 0 views

Computer Laboratory Management System Security Vulnerability

Computer Laboratory Management System is a computer laboratory management system. A security vulnerability exists in Sourcecodester Computer Laboratory Management System version 1.0, which originates from a cross-site scripting vulnerability that allows remote attackers to inject arbitrary web...

CVSS 7.3 · AI score 6 · EPSS 0.00871
Exploits 1 · References 3

VulnCheck KEV
added 2024/05/10 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2020-23814

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2) AddressList parameter in JobGroupController.java file...

CVSS 6.1 · AI score 6.4 · EPSS 0.01188
Exploits 1 · References 1

Positive Technologies
added 2024/04/30 12:0 a.m. · 3 views

PT-2024-4456 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier

Description: The issue is related to insufficient protection of the web page structure, which can be exploited by a remote attacker to execute arbitrary code. A stored Cross-Site Scripting...

CVSS 5.5 · AI score 6.1 · EPSS 0.00333
Exploits 0 · References 7

CNVD
added 2024/04/19 12:0 a.m. · 8 views

Totara LMS Cross-Site Scripting Vulnerability

Totara LMS is a learning management system from Totara. A cross-site scripting vulnerability exists in Totara LMS version 18.0.1 Build 20231128.01, which stems from the fact that admin/roles/check.php in the component Profile Handler contains some unknown functions that lead to cross-site scripti...

CVSS 5.4 · AI score 5.9 · EPSS 0.00435
Exploits 0 · References 1