
6722 matches found

Positive Technologies
added 2024/01/18 12:0 a.m. · 4 views

PT-2024-19862 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 5.1.0
Description: The issue allows a remote authenticated attacker with administrative privileges to execute an arbitrary script on the web browser of the user logging in to the product. This is achieved through a...

CVSS 4.8 · AI score 5 · EPSS 0.00458
Exploits 0 · References 10

OSV
added 2024/01/17 5:15 p.m. · 1 view

CVE-2024-20251

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability exists because the web-based...

CVSS 5.4 · AI score 6.3 · EPSS 0.00355
Exploits 0 · References 1

CNNVD
added 2024/01/17 12:0 a.m. · 3 views

FlaskBlog Cross-Site Scripting Vulnerability

FlaskBlog is a simple blog application built using Flask. FlaskBlog suffers from a cross-site scripting vulnerability that stems from improper storage and rendering of pages, allowing an attacker to execute arbitrary JavaScript code...

CVSS 6.5 · AI score 6.5 · EPSS 0.00409
Exploits 1 · References 3

NVD
added 2024/01/16 6:15 p.m. · 20 views

CVE-2023-37523

Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser...

CVSS 9.8 · AI score 6.6 · EPSS 0.00392
Exploits 0 · References 1

OSV
added 2024/01/16 6:15 p.m. · 4 views

CVE-2023-37523

Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 1

CVE
added 2024/01/16 5:33 p.m. · 57 views

CVE-2023-37523

CVE-2023-37523 affects HCL BigFix Bare OSD Metal Server WebUI versions 311.19 or lower. The vulnerability arises from missing or insecure tags in the WebUI, which could allow an attacker to execute a malicious script in the user’s browser. Affected component is the WebUI frontend of the Bare OSD ...

CVSS 9.8 · AI score 9.3 · EPSS 0.00392
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/01/16 4:15 p.m. · 4 views

CVE-2023-37522

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser...

CVSS 9.8 · AI score 5.9 · EPSS 0.00413
Exploits 0 · References 1

Vulnrichment
added 2024/01/16 3:59 p.m. · 4 views

CVE-2023-37522 HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser...

CVSS 5.6 · AI score 7.3 · EPSS 0.00413
Exploits 0 · References 1

Positive Technologies
added 2024/01/16 12:0 a.m. · 3 views

PT-2024-12628 · Hcl · Hcl Bigfix Bare Osd Metal Server Webui

Name of the Vulnerable Software and Affected Versions: HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower
Description: The issue is related to missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI, which could allow an attacker to execute a malicious script on the...

CVSS 9.8 · AI score 9.3 · EPSS 0.00413
Exploits 0 · References 4

Positive Technologies
added 2024/01/16 12:0 a.m. · 4 views

PT-2024-12629 · Hcl · Hcl Bigfix Bare Osd Metal Server Webui

Name of the Vulnerable Software and Affected Versions: HCL BigFix Bare OSD Metal Server WebUI versions 311.19 or lower
Description: The issue is related to missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI, which could allow an attacker to execute a malicious script on the...

CVSS 9.8 · AI score 9.2 · EPSS 0.00392
Exploits 0 · References 5

Zero Day Initiative
added 2024/01/16 12:0 a.m. · 15 views

Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.1 · AI score 7.5 · EPSS 0.02454
Exploits 0 · References 1

CNNVD
added 2024/01/16 12:0 a.m. · 3 views

HCL Technologies BigFix OSD Security Vulnerability

HCL Technologies BigFix OSD is part of a lifecycle management software from HCL Technologies, Inc. It is used for the deployment of operating systems. A security vulnerability exists in HCL Technologies BigFix Bare OSD Metal Server WebUI 311.19 and prior versions, which stems from the absence or...

CVSS 9.8 · AI score 6.9 · EPSS 0.00392
Exploits 0 · References 2

CNNVD
added 2024/01/15 12:0 a.m. · 3 views

Pleasanter Cross-Site Scripting Vulnerability

Pleasanter is a free OSS no-code/low-code development tool from Pleasanter. A security vulnerability exists in Pleasanter 1.3.49.0 and prior versions, which stems from the presence of a cross-site scripting XSS vulnerability that can be exploited by an attacker to lure a user into visiting the...

CVSS 6.1 · AI score 5.8 · EPSS 0.00355
Exploits 0 · References 5

Snyk
added 2024/01/12 6:30 a.m. · 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via drilldown/CargoAppliedFilter.php. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input into the artist, album, or position parameters on the...

CVSS 6.1 · AI score 5.5 · EPSS 0.00424
Exploits 1 · References 2

CNVD
added 2024/01/11 12:0 a.m. · 6 views

Online Lawyer Management System Cross-Site Scripting Vulnerability

Online Lawyer Management System is an online lawyer management system. Online Lawyer Management System version 1.0 suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter First Name in the component Us...

CVSS 5.4 · AI score 6.4 · EPSS 0.00683
Exploits 1 · References 1

CNNVD
added 2024/01/11 12:0 a.m. · 5 views

YzmCMS Security Vulnerability

YzmCMS is an open source content management system (CMS). YzmCMS versions 6.5 to 7.0 contain a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the Referer HTTP header on the member/index/register.html page; an attacker can...

CVSS 6.1 · AI score 6.5 · EPSS 0.00365
Exploits 1 · References 3

Positive Technologies
added 2024/01/11 12:0 a.m. · 5 views

PT-2024-14051 · Buffalo · Buffalo Ls210D

Name of the Vulnerable Software and Affected Versions: Buffalo LS210D version 1.78-0.03
Description: The issue allows a remote attacker to execute arbitrary code via the Firmware Update Script at "/etc/init.d/update notifications.sh".
Recommendations: For Buffalo LS210D version 1.78-0.03, as a...

CVSS 8.1 · AI score 8.3 · EPSS 0.01312
Exploits 1 · References 5

CNVD
added 2024/01/11 12:0 a.m. · 4 views

Kashipara Food Management System Cross-Site Scripting Vulnerability (CNVD-2024-13476)

Kashipara Food Management System is a food management system from Kashipara. A cross-site scripting vulnerability exists in version 1.0 of the Kashipara Food Management System, which stems from the lack of effective filtering and escaping of user-supplied data in the partyaddress parameter of the...

CVSS 6.1 · AI score 6 · EPSS 0.00542
Exploits 1 · References 1

OSV
added 2024/01/10 11:15 a.m. · 3 views

CVE-2023-48244

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

CVSS 6.1 · AI score 6 · EPSS 0.00306
Exploits 0 · References 1

Vulnrichment
added 2024/01/10 12:0 a.m. · 3 views

CVE-2020-26628

A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile' page and triggered by another user visiting the profile...

AI score 6 · EPSS 0.00503
Exploits 3 · References 1