6664 matches found
Cisco Identity Services Engine Stored XSS (cisco-sa-ISE-XSS-bL4VTML)
According to its self-reported version, Cisco Identity Services Engine is affected by a cross-site scripting vulnerability. A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site...
Cisco TelePresence Management Suite < 15.13.6 XSS (cisco-sa-tms-portal-xss-AXNeVg3s)
According to its self-reported version, Cisco TelePresence Management Suite is affected by multiple cross-site scripting (XSS) vulnerabilities. Due to insufficient validation of the web-based management, a remote attacker can inject malicious data into a specific field of the interface. A successfu...
CVE-2023-48255
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log...
Cross site request forgery (csrf)
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...
CVE-2023-48254
The CVE-2023-48254 entry describes a vulnerability where a remote attacker can inject and execute arbitrary client-side script inside a victim session via a crafted URL or HTTP request. Multiple connected sources corroborate this client-side script execution risk, with the core issue centered on ...
CVE-2023-48248
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file...
CVE-2023-48244
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...
CVE-2023-29052
Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for thi...
Code injection
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...
CVE-2023-41710
User-defined script code could be stored for an upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this...
CVE-2023-41710
Open-Xchange App Suite CVE-2023-41710 concerns a cross-site scripting (XSS) vulnerability where user-defined script code was not properly sanitized when added to the DOM, potentially allowing attackers to entice users to execute code within a trusted domain. Affected product references include Op...
CVE-2023-29052
The CVE-2023-29052 issue is an Open-Xchange App Suite frontend cross-site scripting vulnerability arising from disclaimer texts in an upsell dialog that could contain unsanitized script code. Affected component: App Suite frontend (notably Open-Xchange App Suite frontend version 7.10.6-rev34 per ...
PT-2024-12191 · Open Xchange Gmbh +2 · Ox App Suite +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows users to define disclaimer texts for an upsell shop dialog that contains script code not sanitized correctly. Attackers could lure...
CVE-2023-28017
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal...
Cross site scripting
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal...
CVE-2023-28017 HCL Connections is vulnerable to cross-site scripting
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal...
Cisco IP Phone Stored XSS (cisco-sa-uipphone-xss-NcmUykqA)
According to its self-reported version, Cisco IP Phone Stored Cross-Site Scripting may be affected by a cross-site scripting (XSS) vulnerability. Due to insufficient validation of user-supplied input, an authenticated, remote attacker can conduct an XSS attack against a user of the interface on t...