CVE-2023-45737

Stored cross-site scripting vulnerability exists in the App Settings /admin/app page and the Markdown Settings /admin/markdown page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using...

Cross site scripting

Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

Cross site scripting

Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

Cross site scripting

Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-50725

A cross-site scripting flaw was found in Resque due to improper validation of user-supplied input by the resque-web failed and queues lists. This issue could allow a remote authenticated attacker to use a specially crafted URL to execute script in a victim's web browser within the security contex...

CVE-2023-50175

Stored cross-site scripting vulnerability exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser o...

CVE-2023-45740

Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

PT-2023-31271 · Growi · Growi

Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v6.0.0 Description: A stored cross-site scripting issue exists in the event handlers of the pre tags. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the...

IBM Aspera Console 跨站脚本漏洞

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Aspera Console that stems from the application's lack of effective filtering and escaping of user-supplied...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e-getMessage error mishandling...

thirty bees Cross-Site Scripting Vulnerability

thirty bees is a mature e-commerce solution by thirty bees open source. A cross-site scripting vulnerability exists in versions prior to thirty bees 1.5.0 that stems from a security issue in the component admin/AdminRequestSqlController.php that allows an attacker to execute arbitrary web script ...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-10111056)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Cacti 跨站脚本漏洞

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . Cacti versions prior to 1.2.26 cross-site scripting vulnerability ,...

Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Store the script in non-sanitized...

SUSE-SU-2023:4932-1 Security update for libreoffice

This update for libreoffice fixes the following issues: - CVE-2023-6186: Fixed link targets allow arbitrary script execution bsc1217578. - CVE-2023-6185: Fixed Improper input validation enabling arbitrary Gstreamer pipeline injection bsc1217577...

PT-2023-31250 · Unknown · Book Store Management System

Name of the Vulnerable Software and Affected Versions: Book Store Management System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter in the "/bsms ci/index.php/category" API endpoint. This enabl...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Hotel Management System 跨站脚本漏洞

Hotel Management System is an MIS project based on a hotel management system. Hotel Management System v1.0 suffers from a cross-site scripting vulnerability that originates when the checkindate parameter in reservation.php is copied in plain text between tags in an HTML document, and any input is...

Velocity execution without script right through tree macro

Impact It's possible to execute a Velocity script without script right through the document tree. To reproduce: As a user without script right, create a document, e.g., named Nasty Title Set the document's title to $request.requestURI Click "Save & View" Reload the page in the browser The...

The vulnerability of microprogrammed network devices such as ZyXEL USG, USG FLEX, ATP, and VPN lies in the lack of protective measures for the website structure. This allows attackers to execute arbitrary scripts on the vulnerable device.

The vulnerability of the microprogrammed network device software of ZyXEL USG, USG FLEX, ATP, and VPN relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts on the vulnerable device...