4581 matches found

Positive Technologies
added 2023/11/05 12:0 a.m. · 4 views

PT-2023-9189 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.2.11; Redmine versions 5.0.x prior to 5.0.6. Description: The issue is related to a lack of protection for the web page structure in the Thumbnails component of the Redmine web application, allowing for cross-site...

CVSS 6.4 · AI score 6.1 · EPSS 0.00397
Exploits 0 · References 24

BDU FSTEC
added 2023/11/03 12:0 a.m. · 5 views

The vulnerability of the Invoice Edit Page of the Bitrix24 business management service allows an attacker to perform XSS attacks.

The vulnerability of the Invoice Edit Page of the Bitrix24 business management service relates to the failure to take measures to neutralize the script in the web page’s attributes. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVSS 9 · AI score 7.6 · EPSS 0.00715
Exploits 1 · References 2 · Affected Software 1

OSV
added 2023/11/01 5:15 p.m. · 3 views

CVE-2023-20005

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due...

CVSS 6.1 · AI score 6
Exploits 0 · References 1

ATTACKERKB
added 2023/11/01 12:15 a.m. · 2 views

CVE-2023-47099

A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server...

CVSS 5.4 · AI score 5.9 · EPSS 0.00441
Exploits 1 · References 2

ATTACKERKB
added 2023/11/01 12:15 a.m. · 2 views

CVE-2023-47095

A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server...

CVSS 5.4 · AI score 5.9 · EPSS 0.00441
Exploits 1 · References 2

OSV
added 2023/11/01 12:15 a.m. · 4 views

CVE-2023-47096

A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field...

CVSS 5.4 · AI score 5.9 · EPSS 0.00407
Exploits 1 · References 1

SUSE CVE
added 2023/10/31 2:54 a.m. · 2 views

SUSE CVE-2010-5312

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...

CVSS 6.1 · AI score 7 · EPSS 0.18351
Exploits 1 · References 2

OSV
added 2023/10/17 12:30 p.m. · 3 views

GHSA-HV45-R2F5-FMHJ Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget

Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Wiki Web before 7.0.95 from Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88...

CVSS 9 · AI score 5.6 · EPSS 0.02239
Exploits 1 · References 4

OSV
added 2023/10/17 12:30 p.m. · 6 views

GHSA-J5GV-W838-MMCX Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu

Stored cross-site scripting (XSS) vulnerability in Page Tree menu in Liferay Layout Implementation before 6.0.102 from Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via...

CVSS 9 · AI score 5.2 · EPSS 0.00462
Exploits 0 · References 5

Github Security Blog
added 2023/10/17 12:30 p.m. · 6 views

Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget

Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Wiki Web before 7.0.95 from Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88...

CVSS 9 · AI score 5.2 · EPSS 0.02239
Exploits 1 · References 4 · Affected Software 2

Vulnrichment
added 2023/10/17 12:8 p.m. · 4 views

CVE-2023-42627

Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a 1...

CVSS 9.6 · AI score 5.8 · EPSS 0.02261
Exploits 1 · References 2

OSV
added 2023/10/17 9:30 a.m. · 2 views

GHSA-W2G3-J73Q-7QV7 Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page

Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page before 2.0.86 from Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the...

CVSS 9.6 · AI score 6.1 · EPSS 0.0046
Exploits 0 · References 3

CNNVD
added 2023/10/17 12:0 a.m. · 11 views

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVSS 9.6 · AI score 6.5 · EPSS 0.0046
Exploits 0 · References 2

OSV
added 2023/10/16 12:15 a.m. · 4 views

CVE-2022-48612

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...

CVSS 6.1 · AI score 5.8 · EPSS 0.00434
Exploits 1 · References 1

BDU FSTEC
added 2023/10/14 12:0 a.m. · 5 views

The vulnerability of the management interface of Fortinet’s FortiManager device, related to access control deficiencies, allows a perpetrator to add or remove CLI scripts from other ADOMs.

The vulnerability of the Fortinet FortiManager device management interface is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to add or remove CLI scripts from other ADOMs remotely...

CVSS 9.6 · AI score 7.7 · EPSS 0.00535
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/10/03 9:15 p.m. · 14 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575ee9195b0, 01.01.01.30097902fd999e76, and 00.12.01.95655881254b459 allows remote attackers to inject arbitrary web script or HTML v...

CVSS 5.8 · AI score 5.9 · EPSS 0.00368
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/09/16 12:0 a.m. · 4 views

Webmin Usermin Cross-Site Scripting Vulnerability

Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A cross-site scripting vulnerability exists in Webmin Usermin version 2.000. A remote attacker can use this vulnerability to inject arbitrary web script or HTML via...

CVSS 5.4 · AI score 6 · EPSS 0.00397
Exploits 0 · References 4

Positive Technologies
added 2023/09/15 12:0 a.m. · 3 views

PT-2023-27832 · Usermin · Usermin

Name of the Vulnerable Software and Affected Versions: Usermin version 2.000. Description: The issue allows remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating a folder. This affects the management of the folder tab, filter tab, and forward mail tab...

CVSS 5.4 · AI score 5.7 · EPSS 0.00397
Exploits 0 · References 5

OSV
added 2023/09/05 9:15 a.m. · 2 views

CVE-2023-39938

Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script...

CVSS 6.1 · AI score 5.8 · EPSS 0.00412
Exploits 0 · References 2

CNNVD
added 2023/08/30 12:0 a.m. · 3 views

Webmin Usermin Cross-Site Scripting Vulnerability

Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A security vulnerability in Webmin Usermin version 2.000, which originates from a cross-site scripting (XSS) vulnerability in the File Manager tab, allows remote...

CVSS 6.1 · AI score 6.2 · EPSS 0.00424
Exploits 0 · References 3