CVE-2023-37523

Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser...

CVE-2023-37523

Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser...

CVE-2023-37523

CVE-2023-37523 affects HCL BigFix Bare OSD Metal Server WebUI versions 311.19 or lower. The vulnerability arises from missing or insecure tags in the WebUI, which could allow an attacker to execute a malicious script in the user’s browser. Affected component is the WebUI frontend of the Bare OSD ...

CVE-2023-37522

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser...

CVE-2023-37522 HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser...

PT-2024-12628 · Hcl · Hcl Bigfix Bare Osd Metal Server Webui

Name of the Vulnerable Software and Affected Versions: HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower Description: The issue is related to missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI, which could allow an attacker to execute a malicious script on the...

PT-2024-12629 · Hcl · Hcl Bigfix Bare Osd Metal Server Webui

Name of the Vulnerable Software and Affected Versions: HCL BigFix Bare OSD Metal Server WebUI versions 311.19 or lower Description: The issue is related to missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI, which could allow an attacker to execute a malicious script on the...

Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

HCL Technologies BigFix OSD Security Vulnerability

HCL Technologies BigFix OSD is part of a lifecycle management software from HCL Technologies, Inc. It is used for the deployment of operating systems. A security vulnerability exists in HCL Technologies BigFix Bare OSD Metal Server WebUI 311.19 and prior versions, which stems from the absence or...

Pleasanter Cross-Site Scripting Vulnerability

Pleasanter is a free OSS no-code/low-code development tool from Pleasanter. A security vulnerability exists in Pleasanter 1.3.49.0 and prior versions, which stems from the presence of a cross-site scripting XSS vulnerability that can be exploited by an attacker to lure a user into visiting the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via drilldown/CargoAppliedFilter.php. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input into the artist, album, or position parameters on the...

Kashipara Food Management System Cross-Site Scripting Vulnerability (CNVD-2024-13476)

Kashipara Food Management System is a food management system from Kashipara. A cross-site scripting vulnerability exists in version 1.0 of the Kashipara Food Management System, which stems from the lack of effective filtering and escaping of user-supplied data in the partyaddress parameter of the...

Online Lawyer Management System Cross-Site Scripting Vulnerability

Online Lawyer Management System is an online lawyer management system. Online Lawyer Management System version 1.0 suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter First Name in the component Us...

PT-2024-14051 · Buffalo · Buffalo Ls210D

Name of the Vulnerable Software and Affected Versions: Buffalo LS210D version 1.78-0.03 Description: The issue allows a remote attacker to execute arbitrary code via the Firmware Update Script at "/etc/init.d/update notifications.sh". Recommendations: For Buffalo LS210D version 1.78-0.03, as a...

YzmCMS 安全漏洞

Yzmcms is an open source CMS Content Management System. YzmCMS version 6.5 to 7.0 cross-site scripting vulnerability, the vulnerability stems from the member/index/register.html page of the Referer HTTP header of the user-supplied data lack of effective filtering and escaping, an attacker can...

CVE-2023-48244

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

CVE-2020-26628

A Cross-Site Scripting XSS vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile...

PublicCMS 安全漏洞

PublicCMS is China PublicCMS company's set of open source content management system CMS written in Java language . A cross-site scripting vulnerability exists in PublicCMS v4.0. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which ca...

Apache OpenOffice < 4.1.15 Multiple Vulnerabilities

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.15. It is, therefore, affected by multiple vulnerabilities as stated in the vendor advisories and release notes. - Apache OpenOffice documents can contain links that call internal macros with arbitrary...

UBUNTU-CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...