6724 matches found

Positive Technologies
added 2023/04/27 12:0 a.m. · 4 views

PT-2023-19816 · Unknown · Sunnet Ctms

Name of the Vulnerable Software and Affected Versions: SUNNET CTMS, affected versions not specified. Description: The issue is related to a path traversal vulnerability within the file uploading function of SUNNET CTMS. This allows an authenticated remote attacker with general user privileges to...

8.8 CVSS · 8.6 AI score · 0.01192 EPSS
Exploits: 0 · References: 5

CNNVD
added 2023/04/27 12:0 a.m. · 5 views

Cisco Prime Collaboration Deployment Cross-Site Scripting Vulnerability

Cisco Prime Collaboration Deployment is a GUI interface from Cisco USA. It allows users to perform tasks such as migrations or upgrades on a list of servers. A cross-site scripting vulnerability exists in Cisco Prime Collaboration Deployment that stems from not properly validating user-supplied...

6.1 CVSS · 5.8 AI score · 0.00514 EPSS
Exploits: 0 · References: 2

OSV
added 2023/04/26 4:15 p.m. · 17 views

CVE-2022-27979

A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component...

5.4 CVSS · 5.9 AI score
Exploits: 0 · References: 2

CNNVD
added 2023/04/26 12:0 a.m. · 2 views

CLTPHP Cross-Site Scripting Vulnerability

CLTPHP is an open source and efficient site-building PHP content management system. CLTPHP version 6.0 and earlier contain a cross-site scripting vulnerability that stems from the file Changyan.php lacking effective filtering and escaping of user-supplied data, an attacker ca...

6.1 CVSS · 6.5 AI score · 0.00395 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2023/04/25 12:0 a.m. · 6 views

CVE-2023-30417

A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message...

5.8 AI score · 0.004 EPSS
Exploits: 1 · References: 1

CNNVD
added 2023/04/25 12:0 a.m. · 3 views

Pear Admin Boot Cross-Site Scripting Vulnerability

Pear Admin Boot is an out-of-the-box Spring rapid development platform for the Pear Admin community in China. A security vulnerability exists in Pear Admin Boot v2.0.2. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload...

5.4 CVSS · 6.1 AI score · 0.004 EPSS
Exploits: 1 · References: 3

CVE
added 2023/04/25 12:0 a.m. · 32 views

CVE-2023-30417

Pear-Admin-Boot (v2.0.2 and earlier) is affected by an XSS vulnerability that allows an attacker to inject arbitrary web scripts or HTML via the Title field of a private message. Affected component: Pear-Admin-Boot; root cause: improper sanitization/injection in the Title of private messages; imp...

5.4 CVSS · 5.3 AI score · 0.004 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CNVD
added 2023/04/24 12:0 a.m. · 9 views

AeroCMS Cross-Site Scripting Vulnerability (CNVD-2023-32025)

AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 suffers from a cross-site scripting vulnerability that stems from the commentauthor and commentcontent parameters of /post.php failing to properly validate user input. An attacker can exploit this...

5.4 CVSS · 6.2 AI score · 0.00384 EPSS
Exploits: 1 · References: 1

0day.today
added 2023/04/24 12:0 a.m. · 286 views

Nokia OneNDS 20.9 Insecure Permissions / Privilege Escalation Vulnerability

title: Incorrect Permission Assignment; product: Nokia OneNDS 20.9; vulnerability type: Security Misconfiguration; severity: High; CVSS Score: 7.8; CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; found on:...

8.8 CVSS · 6.8 AI score · 0.01137 EPSS
Exploits: 3

CNVD
added 2023/04/23 12:0 a.m. · 11 views

Checkmk Cross-Site Scripting Vulnerability (CNVD-2023-32769)

Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk Appliance versions prior to 1.6.4, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML by injecti...

6.1 CVSS · 6.2 AI score · 0.00402 EPSS
Exploits: 0 · References: 1

OSV
added 2023/04/21 4:15 p.m. · 4 views

CVE-2023-2139

A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code...

6.1 CVSS · 6.6 AI score · 0.00353 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2023/04/21 3:44 p.m. · 7 views

CVE-2023-2139 Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022

A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code...

5.4 CVSS · 6.2 AI score · 0.00353 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/04/21 12:0 a.m. · 4 views

PT-2023-3048 · Dassault Systèmes · Delmia Apriso

Name of the Vulnerable Software and Affected Versions: DELMIA Apriso versions Release 2017 through Release 2022. Description: The issue is related to a reflected Cross-site Scripting (XSS) vulnerability. This vulnerability can be exploited by a remote attacker to execute arbitrary script code,...

6.4 CVSS · 6.3 AI score · 0.00353 EPSS
Exploits: 0 · References: 6

CNNVD
added 2023/04/20 12:0 a.m. · 5 views

Checkmk Cross-Site Scripting Vulnerability

Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk Appliance versions prior to 1.6.4, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML by injecti...

6.1 CVSS · 5.9 AI score · 0.00402 EPSS
Exploits: 0 · References: 2

Prion
added 2023/04/19 1:15 p.m. · 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL...

4.9 CVSS · 5.5 AI score · 0.00365 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2023/04/19 12:15 a.m. · 18 views

CVE-2023-29523

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write acces...

9.9 CVSS · 9.8 AI score · 0.01999 EPSS
Exploits: 1 · References: 4

WPVulnDB
added 2023/04/19 12:0 a.m. · 21 views

WCP Contact Form <= 3.1.0 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1 CVSS · 6 AI score · 0.00382 EPSS
Exploits: 0 · Affected Software: 1

Vulnrichment
added 2023/04/19 12:0 a.m. · 8 views

CVE-2023-27777

Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL...

5.5 AI score · 0.00365 EPSS
Exploits: 0 · References: 1

CVE
added 2023/04/18 11:38 p.m. · 52 views

CVE-2023-29522

CVE-2023-29522 affects XWiki Platform. Any user with view rights can execute arbitrary script macros (Groovy/Python) that enable remote code execution and unrestricted read/write access to wiki contents. The attack is triggered by opening a non-existing page whose name contains a dangerous payloa...

9.9 CVSS · 9.6 AI score · 0.01864 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2023/04/18 10:53 p.m. · 157 views

CVE-2023-29527 Code injection from account through AWM view sheet in xwiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile or any other document with the wiki editor and add groovy script content. Viewing the document after...

9.9 CVSS · 9.8 AI score · 0.0109 EPSS
Exploits: 1 · References: 2