IBM Aspera Console 跨站脚本漏洞

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Aspera Console that stems from the application's lack of effective filtering and escaping of user-supplied...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e-getMessage error mishandling...

thirty bees Cross-Site Scripting Vulnerability

thirty bees is a mature e-commerce solution by thirty bees open source. A cross-site scripting vulnerability exists in versions prior to thirty bees 1.5.0 that stems from a security issue in the component admin/AdminRequestSqlController.php that allows an attacker to execute arbitrary web script ...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-10111056)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Cacti 跨站脚本漏洞

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . Cacti versions prior to 1.2.26 cross-site scripting vulnerability ,...

Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Store the script in non-sanitized...

SUSE-SU-2023:4932-1 Security update for libreoffice

This update for libreoffice fixes the following issues: - CVE-2023-6186: Fixed link targets allow arbitrary script execution bsc1217578. - CVE-2023-6185: Fixed Improper input validation enabling arbitrary Gstreamer pipeline injection bsc1217577...

PT-2023-31250 · Unknown · Book Store Management System

Name of the Vulnerable Software and Affected Versions: Book Store Management System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter in the "/bsms ci/index.php/category" API endpoint. This enabl...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Hotel Management System 跨站脚本漏洞

Hotel Management System is an MIS project based on a hotel management system. Hotel Management System v1.0 suffers from a cross-site scripting vulnerability that originates when the checkindate parameter in reservation.php is copied in plain text between tags in an HTML document, and any input is...

Velocity execution without script right through tree macro

Impact It's possible to execute a Velocity script without script right through the document tree. To reproduce: As a user without script right, create a document, e.g., named Nasty Title Set the document's title to $request.requestURI Click "Save & View" Reload the page in the browser The...

The vulnerability of the microprogrammed network device software of ZyXEL USG, USG FLEX, USG20(W)-VPN, and VPN lies in the lack of protective measures for the website structure. This allows attackers to execute arbitrary scripts on the vulnerable device.

The vulnerability of the microprogrammed network device software of ZyXEL USG, USG FLEX, USG20W-VPN, and VPN is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts on the vulnerable device...

The vulnerability of microprogrammed network devices such as ZyXEL USG, USG FLEX, ATP, and VPN lies in the lack of protective measures for the website structure. This allows attackers to execute arbitrary scripts on the vulnerable device.

The vulnerability of the microprogrammed network device software of ZyXEL USG, USG FLEX, ATP, and VPN relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts on the vulnerable device...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via crafted input on the interface. An attacker can manipulate the output of the web page and execute arbitrary HTML and script code in a user's browser session. Details Cross-site scripting or XSS is a code...

CVE-2023-48559

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2023-48443

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-0960363)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-04935)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-0321972)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-0321874)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...