6666 matches found
CVE-2023-20151 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-28677
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...
CVE-2023-25592
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browse...
CVE-2023-25593
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browse...
Cross site scripting
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browse...
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails
The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a reflected cross-site scripting XSS attack. This flaw exists because the bootstrapflash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent...
CVE-2023-25593 Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browse...
CVE-2023-25592 Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browse...
Cisco Prime Infrastructure Stored XSS (cisco-sa-cisco-pi-epnm-xss-mZShH2J)
The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10.3. It is, therefore, affected by a cross-site scripting XSSvulnerability as referenced in the cisco-sa-cisco-pi-epnm-xss-mZShH2J advisory. This vulnerability is due to insufficient validation of user-supplied...
Cisco Evolved Programmable Network Manager Stored XSS (cisco-sa-cisco-pi-epnm-xss-mZShH2J)
The version of Cisco Evolved Programmable Network Manager installed on the remote host is prior to 7.0. It is, therefore, affected by a cross-site scripting XSSvulnerability as referenced in the cisco-sa-cisco-pi-epnm-xss-mZShH2J advisory. This vulnerability is due to insufficient validation of...
Cross site scripting
A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...
CVE-2023-20104 Cisco Webex App for Web Cross-Site Scripting Vulnerability
A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...
CVE-2023-20104 Cisco Webex App for Web Cross-Site Scripting Vulnerability
A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...
CVE-2023-20069 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device. This...
CVE-2023-22778
A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the...
CVE-2023-20053
A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user...
CVE-2023-22778 Authenticated Stored Cross-Site Scripting
A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the...
GHSA-GRMJ-GPWM-98WW Moodle Cross-site Scripting vulnerability
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw...
GHSA-97QF-PQ7X-964M Moodle Cross-site Scripting vulnerability
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable...