CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

CVE-2024-0605

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affec...

FusionPBX vulnerable to cross-site scripting

Overview FusionPBX contains a stored cross-site scripting vulnerability CWE-79. Satoshi Horikoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the web browser of the...

Simple Social Networking Site 跨站脚本漏洞

Social Networking Site is a social networking site. A cross-site scripting vulnerability exists in version 1.0 of Social Networking Site, which stems from the lack of effective filtering and escaping of user-supplied data in the message.php parameter Story, and can be exploited to execute arbitra...

FusionPBX Security Vulnerabilities

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conferencing server and voice application server. A security vulnerability exists in FusionPBX versions prior to 5.1.0. An attacker can...

PT-2024-19862 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 5.1.0 Description: The issue allows a remote authenticated attacker with administrative privileges to execute an arbitrary script on the web browser of the user logging in to the product. This is achieved through a...

CVE-2024-20251

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability exists because the web-based...

FlaskBlog Cross-Site Scripting Vulnerability

FlaskBlog is a simple blog application built using Flask. FlaskBlog suffers from a cross-site scripting vulnerability that stems from improper storage and rendering of pages, allowing an attacker to execute arbitrary JavaScript code...

CVE-2023-37523

Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser...

CVE-2023-37523

Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser...

CVE-2023-37523

CVE-2023-37523 affects HCL BigFix Bare OSD Metal Server WebUI versions 311.19 or lower. The vulnerability arises from missing or insecure tags in the WebUI, which could allow an attacker to execute a malicious script in the user’s browser. Affected component is the WebUI frontend of the Bare OSD ...

CVE-2023-37522

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser...

CVE-2023-37522 HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser...

PT-2024-12629 · Hcl · Hcl Bigfix Bare Osd Metal Server Webui

Name of the Vulnerable Software and Affected Versions: HCL BigFix Bare OSD Metal Server WebUI versions 311.19 or lower Description: The issue is related to missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI, which could allow an attacker to execute a malicious script on the...

Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

HCL Technologies BigFix OSD Security Vulnerability

HCL Technologies BigFix OSD is part of a lifecycle management software from HCL Technologies, Inc. It is used for the deployment of operating systems. A security vulnerability exists in HCL Technologies BigFix Bare OSD Metal Server WebUI 311.19 and prior versions, which stems from the absence or...

PT-2024-12628 · Hcl · Hcl Bigfix Bare Osd Metal Server Webui

Name of the Vulnerable Software and Affected Versions: HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower Description: The issue is related to missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI, which could allow an attacker to execute a malicious script on the...

Pleasanter Cross-Site Scripting Vulnerability

Pleasanter is a free OSS no-code/low-code development tool from Pleasanter. A security vulnerability exists in Pleasanter 1.3.49.0 and prior versions, which stems from the presence of a cross-site scripting XSS vulnerability that can be exploited by an attacker to lure a user into visiting the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via drilldown/CargoAppliedFilter.php. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input into the artist, album, or position parameters on the...

Online Lawyer Management System Cross-Site Scripting Vulnerability

Online Lawyer Management System is an online lawyer management system. Online Lawyer Management System version 1.0 suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter First Name in the component Us...