PT-2025-18295 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 15.9-rc-1 through 15.10.8 XWiki versions 16.0.0-rc-1 through 16.2.0 Description: XWiki is a generic wiki platform. The required rights analysis does not consider TextAreas with default content type, allowing a user to put...

CVE-2024-26062

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26052

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26051

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

FitNesse Cross-site Scripting vulnerability

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

CVE-2024-23604

Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...

FitNesse Security Breach

FitNesse is a fully integrated standalone wiki and acceptance testing framework. A security vulnerability exists in versions prior to FitNesse 20220319, which stems from a cross-site scripting vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary scripts on a...

PT-2024-18390 · Papercut · Papercut Ng/Mf

Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF affected versions not specified Description: This is a reflected cross-site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a...

CVE-2024-21584

Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user...

PT-2024-11732 · Unknown · Online Flight Booking Management System

Name of the Vulnerable Software and Affected Versions: Online Flight Booking Management System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter in the add-airline form. This enables the execution...

School Fees Management System Security Breach

School Fees Management System is a tuition management system. A security vulnerability exists in School Fees Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload that injects the name parameter...

CVE-2024-20337

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

BIT-WORDPRESS-2020-11026 Specially crafted filenames in WordPress leading to XSS

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previousl...

BIT-WORDPRESS-2020-4046 Authenticated XSS through embed block in WordPress

In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin...

BIT-WORDPRESS-MULTISITE-2020-4046 Authenticated XSS through embed block in WordPress

In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin...

BIT-PHPLIST-2020-36398

A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module...

BIT-ARGO-WORKFLOWS-2022-29164 Privilege Escalation in argo-workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

CVE-2023-49971

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...

Customer Support System 跨站脚本漏洞

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...

CVE-2023-4479 Stored XSS Vulnerability in M-Files Web

Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period...