Kashipara Food Management System Cross-Site Scripting Vulnerability (CNVD-2024-13476)

Kashipara Food Management System is a food management system from Kashipara. A cross-site scripting vulnerability exists in version 1.0 of the Kashipara Food Management System, which stems from the lack of effective filtering and escaping of user-supplied data in the partyaddress parameter of the...

PT-2024-14051 · Buffalo · Buffalo Ls210D

Name of the Vulnerable Software and Affected Versions: Buffalo LS210D version 1.78-0.03 Description: The issue allows a remote attacker to execute arbitrary code via the Firmware Update Script at "/etc/init.d/update notifications.sh". Recommendations: For Buffalo LS210D version 1.78-0.03, as a...

YzmCMS 安全漏洞

Yzmcms is an open source CMS Content Management System. YzmCMS version 6.5 to 7.0 cross-site scripting vulnerability, the vulnerability stems from the member/index/register.html page of the Referer HTTP header of the user-supplied data lack of effective filtering and escaping, an attacker can...

CVE-2023-48244

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

CVE-2020-26628

A Cross-Site Scripting XSS vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile...

PublicCMS 安全漏洞

PublicCMS is China PublicCMS company's set of open source content management system CMS written in Java language . A cross-site scripting vulnerability exists in PublicCMS v4.0. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which ca...

Apache OpenOffice < 4.1.15 Multiple Vulnerabilities

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.15. It is, therefore, affected by multiple vulnerabilities as stated in the vendor advisories and release notes. - Apache OpenOffice documents can contain links that call internal macros with arbitrary...

UBUNTU-CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...

CVE-2023-7027

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This...

CVE-2020-26623

SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the AdministrationWidget tab after the login portal...

CVE-2023-47804

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...

CVE-2023-47804 Apache OpenOffice: Macro URL arbitrary script execution

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...

WireMock 安全漏洞

WireMock is WireMock open source a popular API simulation test open source tool . WireMock cross-site scripting vulnerability , the vulnerability stems from the logging function of the user-supplied data lack of effective filtering and escaping , an attacker can exploit the vulnerability by...

CVE-2023-50470

A cross-site scripting XSS vulnerability in the component admin Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

SUSE-SU-2023:4984-1 Security update for libreoffice

This update for libreoffice fixes the following issues: - CVE-2023-6186: Fixed link targets allow arbitrary script execution bsc1217578. - CVE-2023-6185: Fixed Improper input validation enabling arbitrary Gstreamer pipeline injection bsc1217577...

SeaCMS 安全漏洞

SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A cross-site scripting vulnerability exists in SeaCMS v12.8, which stems from the lack of effective filtering and escaping of user-supplied da...

CVE-2023-50175

Stored cross-site scripting vulnerability exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser o...

CVE-2023-49807

Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-50339

Stored cross-site scripting vulnerability exists in the User Management /admin/users page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-45737

Stored cross-site scripting vulnerability exists in the App Settings /admin/app page and the Markdown Settings /admin/markdown page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using...