
6722 matches found

CNNVD
added 2023/08/02 12:0 a.m. · 3 views

Open-Xchange AppSuite Cross-Site Scripting Vulnerability

Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to manage email, tasks, files, etc. more intuitively. A security vulnerability exists in Open-Xchange AppSuite that stems from a vulnerability that allows an attacker to execut...

CVSS 5.4 · AI score 7.2 · EPSS 0.00558
Exploits 0 · References 7

Positive Technologies
added 2023/08/02 12:0 a.m. · 4 views

PT-2023-20638 · Ox Software Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from the lack of sanitization or escaping of the user's clientID at "application passwords" before it is added to the DOM. This allows...

CVSS 5.4 · AI score 5.4 · EPSS 0.00558
Exploits 0 · References 6

Positive Technologies
added 2023/08/02 12:0 a.m. · 5 views

PT-2023-20637 · Ox Software Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to frontend themes defined by user-controllable jslob settings, which could point to a malicious resource and get processed during...

CVSS 5.4 · AI score 5.4 · EPSS 0.00558
Exploits 0 · References 6

Positive Technologies
added 2023/08/02 12:0 a.m. · 6 views

PT-2023-20643 · Unknown · Ox Count Web Service

Name of the Vulnerable Software and Affected Versions: OX Count web service (affected versions not specified). Description: The issue arises from the OX Count web service not specifying a media-type when processing responses from external resources. This allows malicious script code to be executed...

CVSS 5.4 · AI score 5.6 · EPSS 0.00665
Exploits 0 · References 6

Positive Technologies
added 2023/08/02 12:0 a.m. · 5 views

PT-2023-20640 · Ox Software Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from custom log-in and log-out locations defined as jslob, which were not checked for malicious protocol handlers. This oversight allow...

CVSS 5.4 · AI score 5.5 · EPSS 0.00558
Exploits 0 · References 6

Positive Technologies
added 2023/08/02 12:0 a.m. · 5 views

PT-2023-20641 · Ox Chat · Ox Chat

Name of the Vulnerable Software and Affected Versions: OX Chat (affected versions not specified). Description: The issue arises from the "OX Chat" web service not specifying a media-type when processing responses from external resources, allowing malicious script code to be executed within the...

CVSS 5.4 · AI score 5.6 · EPSS 0.00665
Exploits 0 · References 6

OSV
added 2023/07/28 8:15 a.m. · 3 views

CVE-2023-3670

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users...

CVSS 7.3 · AI score 5.8 · EPSS 0.00196
Exploits 0 · References 1

CNNVD
added 2023/07/28 12:0 a.m. · 3 views

3s-smart Software Solutions CODESYS Development System Security Vulnerability

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for use in the field of industrial controllers and automation technology from 3s-smart Software Solutions, Germany. A security vulnerability exists in the CODESYS Development System that stems from an insecure...

CVSS 7.3 · AI score 7.3 · EPSS 0.00196
Exploits 0 · References 2

Positive Technologies
added 2023/07/28 12:0 a.m. · 4 views

PT-2023-25687 · 3S Smart Software Solutions · Codesys Development System +1

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.9.0 through 3.5.17.0; CODESYS Scripting versions 4.0.0.0 through 4.1.0.0. Description: The issue is related to unsafe directory permissions in the affected software. This could allow an attacker with loca...

CVSS 7.3 · AI score 6.9 · EPSS 0.00196
Exploits 0 · References 4

NVD
added 2023/07/27 4:15 p.m. · 30 views

CVE-2023-38491

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content...

CVSS 5.7 · AI score 5.5 · EPSS 0.00552
Exploits 0 · References 7

OSV
added 2023/07/27 3:30 p.m. · 27 views

CVE-2023-38491 Kirby vulnerable to Cross-site scripting (XSS) from MIME type auto-detection of uploaded files

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content...

CVSS 5.7 · AI score 5.4 · EPSS 0.00552
Exploits 0 · References 9

Positive Technologies
added 2023/07/27 12:0 a.m. · 6 views

PT-2023-26472

Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.5.8.3; Kirby versions prior to 3.6.6.3; Kirby versions prior to 3.7.5.2; Kirby versions prior to 3.8.4.1; Kirby versions prior to 3.9.6. Description: The issue affects Kirby sites that allow file uploads from untrusted user...

CVSS 5.7 · AI score 6.1 · EPSS 0.00552
Exploits 0 · References 14

ATTACKERKB
added 2023/07/26 8:15 p.m. · 2 views

CVE-2022-31456

A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter...

CVSS 6.1 · AI score 6.5 · EPSS 0.00444
Exploits 0 · References 4

Positive Technologies
added 2023/07/26 12:0 a.m. · 2 views

PT-2023-13038 · Trudesk · Trudesk

Name of the Vulnerable Software and Affected Versions: Truedesk version 1.2.2 Description: A cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box. Recommendations: For Truedesk version 1.2.2, consider disabling th...

CVSS 6.1 · AI score 6.2 · EPSS 0.00357
Exploits 0 · References 3

Prion
added 2023/07/24 7:15 p.m. · 15 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...

CVSS 5.8 · AI score 5.9 · EPSS 0.0038
Exploits 1 · References 2 · Affected Software 1

ATTACKERKB
added 2023/07/24 2:15 p.m. · 2 views

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

CVSS 5.4 · AI score 6.1 · EPSS 0.00389
Exploits 1 · References 3

Vulnrichment
added 2023/07/24 12:0 a.m. · 6 views

CVE-2023-37613

A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...

AI score 5.8 · EPSS 0.0038
Exploits 1 · References 2

CNNVD
added 2023/07/24 12:0 a.m. · 3 views

Assembly Software Trialworks Cross-Site Scripting Vulnerability

Assembly Software Trialworks is a feature-rich legal case management platform built by experienced trial attorneys from Assembly Software USA. A security vulnerability exists in Assembly Software Trialworks version v11.4, which stems from the presence of a cross-site scripting (XSS) vulnerability...

CVSS 6.1 · AI score 6.2 · EPSS 0.0038
Exploits 1 · References 3

CVE
added 2023/07/24 12:0 a.m. · 42 views

CVE-2023-37613

CVE-2023-37613 describes an XSS vulnerability in Assembly Software Trialworks v11.4, where an attacker can inject a crafted payload into the asset src parameter to execute arbitrary web scripts/HTML in the victim’s browser. The connected sources consistently identify the affected product/version ...

CVSS 6.1 · AI score 5.9 · EPSS 0.0038
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2023/07/21 12:0 a.m. · 3 views

Esri ArcGIS Enterprise Cross-Site Scripting Vulnerability

Esri ArcGIS Enterprise is Esri's foundational geographic information system (GIS) software suite. A cross-site scripting vulnerability exists in Esri ArcGIS Enterprise that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by...

CVSS 8.4 · AI score 6.3 · EPSS 0.00873
Exploits 0 · References 2