34 matches found
Eramba Security Vulnerability
Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program has features such as IT security, compliance auditing and analysis. A security vulnerability exists in Eramba version 3.22.3, which stems from the presence of a stored cross-site scripting (XSS)...
CVE-2024-1304
Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...
CVE-2023-6424
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/diseasesymptomsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an...
GruppoSCAI RealGimm Cross-Site Scripting Vulnerability
GruppoSCAI RealGimm is a large-scale property and real estate asset management solution from SCAI. A security vulnerability exists in GruppoSCAI RealGimm version 1.1.37p38, which stems from the presence of multiple reflected cross-site scripting (XSS) vulnerabilities that could allow an attacker t...
PT-2023-26713 · Badaso · Badaso
Name of the Vulnerable Software and Affected Versions: Badaso version 2.9.7. Description: A stored cross-site scripting (XSS) issue in the Edit Category function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. Recommendations: For...
RUSTSEC-2023-0098 `if-cfg` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
`serd` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
Vehicle Booking System Cross-Site Scripting Vulnerability
Vehicle Booking System is a vehicle booking system by individual developer Martin Mbithi Nzilani. A security vulnerability exists in Vehicle Booking System v1.0, which originates from a cross-site scripting (XSS) vulnerability contained in admin-add-vehicle.php. An attacker can exploit this...
ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
Exploit Title: ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS) Date: 03/08/2022 Exploit Author: Steffen Langenfeld & Sebastian Biehler Vendor Homepage: https://thingsboard.io/ Software Link: https://github.com/thingsboard/thingsboard/releases/tag/v3.3.1 Version: 3.3.1 Tested on:...
ThingsBoard 3.3.1 - Stored Cross-Site Scripting Vulnerability
Exploit Title: ThingsBoard 3.3.1 - Stored Cross-Site Scripting (XSS) within the description of a rule node Exploit Author: Steffen Langenfeld & Sebastian Biehler Vendor Homepage: https://thingsboard.io/ Software Link: https://github.com/thingsboard/thingsboard/releases/tag/v3.3.1 Version: 3.3.1...
CVE-2022-1819
A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input alert1 leads to authenticated cross site scripting. Exploit details have been disclosed to the public...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in SEO...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
SignHere Introduction CVE-2017-11882 - The unique vulnerab...
CodeMeter < 7.10a Multiple Vulnerabilities
According to its self-reported version, the CodeMeter WebAdmin server installed on the remote host is prior to 7.10a. It is, therefore, affected by multiple vulnerabilities: - Multiple memory corruption vulnerabilities exist where the packet parser mechanism does not verify length fields. An...