CVE-2024-40729

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/...

CVE-2024-40727

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/...

CVE-2024-40741

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/id/edit/...

CVE-2024-40736

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add...

CVE-2024-50838

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters...

CVE-2024-50837

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/adminuser.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters...

CVE-2024-39610

Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product...

CVE-2024-37160

Formwork is a flat file-based Content Management System CMS. An attackers requires administrator privilege to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages except the dashboard...

CVE-2024-33101

A stored cross-site scripting XSS vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

CVE-2024-20540

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability exists...

CVE-2024-45262

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...

CVE-2023-22654

Client-side enforcement of server-side security issue exists in T Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T Corporation data logger products TR-71W/72W a...

CVE-2023-39002

A cross-site scripting XSS vulnerability in the act parameter of systemcertmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-29015

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting ...

CVE-2023-41047

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...

CVE-2023-52059

A cross-site scripting XSS vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...

CVE-2023-47215

Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-50339

Stored cross-site scripting vulnerability exists in the User Management /admin/users page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-50732

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1...

CVE-2023-49119

Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...