CVE-2024-3841

Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. Chromium security severity: Medium...

PT-2024-23651 · Unknown · Rageframe2

Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43 Description: A cross-site scripting XSS issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload drive parameter...

CVE-2024-2778

A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched...

CVE-2024-22936

Cross-site scripting XSS vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

CVE-2024-26269

Cross-site scripting XSS vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Cross site scripting

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts...

Tenable Network Security Nessus Cross-Site Scripting Vulnerability

Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. Nessus suffers from a cross-site scripting vulnerability. A remote attacker exploiting this vulnerability may be able to change Nessus proxy settings, which could lead to the executi...

PT-2024-15935 · Tenable · Tenable Nessus

Name of the Vulnerable Software and Affected Versions: Tenable Nessus affected versions not specified Description: A stored XSS issue exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, leading to the execution ...

Group Office CRM 安全漏洞

Group Office CRM is a software application. Share projects, calendars, files and emails with colleagues and clients online. Easy to use and fully customizable. A security vulnerability exists in Group Office CRM versions prior to v6.6.182, prior to v6.7.64, and prior to v6.8.31. A remote attacker...

CVE-2023-51946

Multiple reflected cross-site scripting XSS vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML...

GHSA-859H-4W58-78XW Cross-site Scripting in JFinal

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML...

JFinalCMS Cross-Site Scripting Vulnerability

JFinalCMS is a content management system by heyewei Personal Developer. A cross-site scripting vulnerability exists in JFinalCMS version 5.0.0, which originates from cross-site scripting via the /gusetbook/save contact parameter and allows remote attackers to inject arbitrary web script or HTML...

CVE-2024-22492

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML...

CVE-2024-22494

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML...

CVE-2023-48244

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

Bosch Nexo cordless nutrunner security breach

Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows remote attackers to inject and execute arbitrary client-side scripting code within a...

The vulnerability of the bumsys business management system, related to the remote execution of PHP files, allows a hacker to execute arbitrary code.

The vulnerability of the bumsys business management system is related to the remote execution of PHP files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests...