Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 Exploit - Bait and Switch Archive Generator...

BlackBerry AtHoc Cross-Site Scripting Vulnerability

BlackBerry AtHoc is a crisis communications solution for federal, state and local governments, public safety and law enforcement agencies, and schools from BlackBerry Canada. A security vulnerability exists in BlackBerry AtHoc version 7.15, which stems from a Reflective Cross-Site Scripting XSS...

SAP NetWeaver AS 跨站脚本漏洞

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS ABAP cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied...

PT-2023-27988 · Unknown · Dairy Farm Shop Management System Using Php/Mysql

Name of the Vulnerable Software and Affected Versions: Dairy Farm Shop Management System Using PHP and MySQL version 1.1 Description: The issue allows attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters. This enables t...

CVE-2023-39320

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

UBUNTU-CVE-2023-39320

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

CVE-2023-39320

CVE-2023-39320 concerns the go.mod toolchain directive introduced in Go 1.21. The description in the CVE entry states this directive can be leveraged to execute scripts and binaries relative to the module root when the go command is executed within the module, affecting modules downloaded from th...

PT-2023-27903 · Unknown · Matrix Media Repo

Name of the Vulnerable Software and Affected Versions: matrix-media-repo versions prior to 1.3.0 Description: The issue allows an attacker to upload malicious media to the media repository, which is then served with Content-Disposition: inline upon download. This can be leveraged to execute scrip...

CVE-2023-39711

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...

PT-2023-27994 · Csz Cms · Csz Cms

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters in the install/index.php file. This enables the...

PT-2023-25592 · Shirasagi · Shirasagi

Name of the Vulnerable Software and Affected Versions: SHIRASAGI versions prior to 1.18.0 Description: A reflected cross-site scripting issue allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. This enables the...

JVN#92720882: Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...

SHIRASAGI Cross-Site Scripting Vulnerability

SHIRASAGI is a content management system CMS for the Japanese Shirasagi project. A security vulnerability exists in SHIRASAGI versions prior to v1.18.0. An attacker can exploit the vulnerability to execute arbitrary script on a web browser...

SHIRASAGI Cross-Site Scripting Vulnerability

SHIRASAGI is a content management system CMS for the Japanese Shirasagi project. A security vulnerability exists in SHIRASAGI versions prior to v1.18.0. An attacker can exploit the vulnerability to execute arbitrary script on a web browser...

PT-2023-27085 · Unknown · Free/Open Source Inventory Management System

Name of the Vulnerable Software and Affected Versions: Free and Open Source Inventory Management System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the "Add New...

General Solutions Steiner GmbH CASE 3 Taskmanagement Cross-Site Scripting Vulnerability

General Solutions Steiner CASE 3 Taskmanagement is an application from General Solutions Steiner Austria. A security vulnerability exists in General Solutions Steiner GmbH CASE 3 Taskmanagement version V3.3. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a...

General Solutions Steiner GmbH CASE 3 Taskmanagement Cross-Site Scripting Vulnerability

General Solutions Steiner CASE 3 Taskmanagement is an application from General Solutions Steiner Austria. A security vulnerability exists in General Solutions Steiner GmbH CASE 3 Taskmanagement version V3.3. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a...

JVN#60140221: Multiple vulnerabilities in i-PRO VI Web Client

VI Web Client provided by i-PRO Co., Ltd. is Video Insight’s video management software. VI Web Client contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2023-38574 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7...

CVE-2023-39578

A stored cross-site scripting XSS vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field...