Cross site scripting

A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation ...

CVE-2023-20265

A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation ...

CVE-2023-20265

A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation ...

CVE-2023-5599

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code...

CVE-2023-5598

Stored Cross-site Scripting XSS vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code...

Cross site scripting

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code...

CVE-2023-5599 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code...

CVE-2023-5599 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code...

CVE-2023-37533

HCL Connections is vulnerable to reflected cross-site scripting XSS where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal...

CVE-2023-37533 HCL Connections is vulnerable to reflected cross-site scripting

HCL Connections is vulnerable to reflected cross-site scripting XSS where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal...

HCL Technologies HCL Connections Cross-Site Scripting Vulnerability

HCL Technologies Hcl Connections is a Web 2.0 enterprise collaboration platform application from HCL Technologies, Inc. It is used to help teams become more productive. A security vulnerability exists in HCL Technologies HCL Connections. An attacker can exploit the vulnerability to execute...

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

CVE-2023-29045

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborati...

Code injection

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborati...

CVE-2023-29045

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborati...

CVE-2023-29045

CVE-2023-29045 affects Open-Xchange App Suite (documents operations, specifically drawing). The issue arises when drawing data can be manipulated to include invalid data types that may inject script code executed for collaborators in the same document. The root cause is lack of validation of oper...

CVE-2023-29044

Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get...

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

CVE-2023-29043

CVE-2023-29043 describes a vulnerability where presentations may contain references to images that are user-controlled, allowing script code to be processed during document editing. The encoding of the relevant attribute is intended to avoid script execution. Concrete details from connected docs ...

PT-2023-22109 · Ox Software Gmbh +1 · Ox App Suite +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Documents operations, specifically "drawing", could be manipulated to contain invalid data types, possibly script code. This script code could be inject...