CVE-2023-47164

Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...

CVE-2023-47164

Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...

PT-2023-32168 · Moodle +8 · Moodle +3

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue concerns a stored XSS risk in the quiz grading report, where ID numbers were not properly sanitized. This could potentially allow for malicious script execution. Recommendations:...

CVE-2023-46244

CVE-2023-46244 relates to a privilege-escalation in XWiki Platform where a user with only script permissions could cause velocity content to execute with the right of another document author, potentially returning the title as the unmodified document but instead exposing the attacker to the prote...

Rocky Linux 8 : firefox (RLSA-2022:1705)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1705 advisory. - Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prom...

CVE-2022-48192

Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script JavaScript, VBScript in the context of the application...

Cross site scripting

Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script JavaScript, VBScript in the context of the application...

Online Examination System feed.php Page SQL Injection Vulnerability

Online Examination System is an online examination system. Online Examination System v1.0 suffers from a SQL injection vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the email parameter of the feed.php page, which can be exploited by an...

Rocky Linux 9 : libreoffice (RLSA-2023:0304)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0304 advisory. - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only...

PT-2023-9189 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.2.11 Redmine versions 5.0.x prior to 5.0.6 Description: The issue is related to a lack of protection for the web page structure in the Thumbnails component of the Redmine web application, allowing for cross-site...

CVE-2023-41357

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...

The vulnerability of the Invoice Edit Page of the Bitrix24 business management service allows a attacker to perform XSS attacks.

The vulnerability of the Invoice Edit Page of the Bitrix24 business management service relates to the failure to take measures to neutralize the script in the web page’s attributes. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

CVE-2023-42802 GLPI vulnerable to unallowed PHP script execution

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PH...

CVE-2023-42802 GLPI vulnerable to unallowed PHP script execution

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PH...

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

PT-2023-22107 · Document Foundation · Libreoffice

Name of the Vulnerable Software and Affected Versions: LibreOffice versions prior to 7.4.5 Description: Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in...

CVE-2023-20206

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due...

CVE-2023-20005

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due...