CVE-2023-27121

A cross-site scripting XSS vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter...

Stored XSS in Attachment File Name

Description A stored cross-site scripting vulnerability exists within the file attachment upload functionality. Replication Steps 0x01. As a user with only the "Edit Record" and "Add Attachments" permissions, the user proceeded to edit a FAQ record and clicked "Add new attachment", as seen in the...

CVE-2023-43734

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-5112

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "specialstypename1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-43728

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "stockdeliverytermstext1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-43727

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "stockindicationtext1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-43724

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription1name" parameter, potentially leading to unauthorized execution of scripts within a user's web...

CVE-2023-43721

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "PACKINGSLIPSSUMMARYTITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-43723

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "ordersstatusname1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-43718

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCHENABLETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

Cross site scripting

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCHHIGHLIGHTENABLETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

Cross site scripting

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "zonename" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-43725

CVE-2023-43725 affects OsCommerce (noted as OsCommerce 4.12.56860 in CVE records). It is a Cross‑Site Scripting (XSS) flaw that allows an attacker to inject JavaScript through the parameter orders_products_status_name_long[1], potentially resulting in unauthorized script execution in a user’s bro...

CVE-2023-43714

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "SKIPCARTPAGETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-43713

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser...

CVE-2023-43712

Os Commerce (affected: web app) has a Cross-Site Scripting (XSS) vulnerability via the access_levels_name parameter. Root cause: improper sanitization of input leading to injected JavaScript in user browsers. Impact per sources: potential script execution in a user session; CVSSv3.1 base score 5....

CVE-2023-43711

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "adminfirstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-43705

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "translationvalue1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-43706

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "emailtemplateskey" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-43703

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "productinfoname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...