6727 matches found
CVE-2024-30950
A stored cross-site scripting XSS vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php...
MindsDB Cross-Site Scripting Vulnerability (CNVD-2024-26182)
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. MindsDB suffers from a cross-site scripting vulnerability. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute...
CVE-2024-32344
CMSimple v5.15 is affected by an XSS in the Settings menu, via crafted input in the Language section Edit parameter. The vulnerability arises from insufficient filtering/escaping of user-supplied data in that parameter, enabling arbitrary script/HTML execution. In-the-wild details are not provide...
CVE-2024-32337
WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, allowing an attacker to inject arbitrary script or HTML via a crafted payload in the ADMIN LOGIN URL parameter under the Security module. The CVE is CVE-2024-32337. Affected component: Settings → S...
WonderCMS 安全漏洞
WonderCMS is an open source PHP-based content management system CMS. A security vulnerability exists in WonderCMS version v3.4.3, which originates from a cross-site scripting XSS vulnerability in the Settings section. An attacker can exploit this vulnerability to execute arbitrary web script or...
CVE-2024-32338
WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, exploitable via a crafted payload in the PAGE TITLE parameter under the Current Page module. Impact: can disclose/modify data (low confidentiality and integrity impact) with no availability impact ...
CVE-2024-31651
A cross-site scripting XSS in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
CVE-2024-31649
CVE-2024-31649 is a cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0. The flaw allows an attacker to execute arbitrary web scripts or HTML by injecting a crafted payload into the Product Name parameter. Public sources consistently describe the affected so...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-17891)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-17896)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-17897)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-17895)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-17888)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2024-29220
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...
PT-2024-23651 · Unknown · Rageframe2
Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43 Description: A cross-site scripting XSS issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload drive parameter...
Mageia: Security Advisory (MGASA-2024-0116)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross-site Scripting (XSS)
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of vulnerable form fields. An attacker can execute arbitrary scripts in the context of the user's browser session by...
Cross-site Scripting (XSS)
Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of vulnerable form fields. An attacker can execute arbitrary scripts in the context of the user's...
Updated libreoffice packages fix security vulnerabilities
Improper input validation enabling arbitrary Gstreamer pipeline injection. CVE-2023-6185 Link targets allow arbitrary script execution. CVE-2023-6186...
MGASA-2024-0116 Updated libreoffice packages fix security vulnerabilities
Improper input validation enabling arbitrary Gstreamer pipeline injection. CVE-2023-6185 Link targets allow arbitrary script execution. CVE-2023-6186...