CVE-2023-34657

A stored cross-site scripting XSS vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the webrecordnum parameter...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-54543)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. Adobe...

Wolters Kluwer TeamMate+ 跨站脚本漏洞

Wolters Kluwer TeamMate+ is a financial audit management software from Wolters Kluwer, a Dutch company. A security vulnerability exists in Wolters Kluwer TeamMate+ version 35.0.11.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML...

Bludit 代码问题漏洞

Bludit is an open source lightweight blog content management system CMS. A code issue vulnerability exists in Bludit v3.14.1, which stems from an arbitrary file upload vulnerability in the component /admin/new-content that allows an attacker to execute arbitrary web script or HTML by uploading a...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the comliferaylayoutadminwebportletGroupPagesPortletbackURL parameter in the SEO configuration process. An attacker can execute arbitrary web scripts or inject malicious HTML by supplying crafted input...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the comliferaylayoutadminwebportletGroupPagesPortletbackURL parameter in the SEO configuration process. An attacker can execute arbitrary web scripts or inject malicious HTML by supplying crafted input...

miniCal Cross-Site Scripting Vulnerability

miniCal is miniCal open source an open source PMS. miniCal version 1.0.0 cross-site scripting vulnerability can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload...

miniCal 跨站脚本漏洞

miniCal is miniCal open source an open source PMS. miniCal version 1.0.0 cross-site scripting vulnerability can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload...

Cross-site Scripting (XSS)

com.liferay.oauth2.provider.service is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in the library, which allows an attacker to inject and execute malicious web script or HTML via the code or error parameters...

CVE-2023-33736

A stored cross-site scripting XSS vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter...

Pleasanter 跨站脚本漏洞

Pleasanter is a free OSS no-code/low-code development tool from Pleasanter. A security vulnerability exists in Pleasanter 1.3.38.1 and earlier versions, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary scripts on a...

CVE-2023-31548

A stored Cross-site scripting XSS vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

CVE-2023-33780

A stored cross-site scripting XSS vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article...

CVE-2023-33751

A stored cross-site scripting XSS vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php...

CVE-2023-33750

A stored cross-site scripting XSS vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd...

CVE-2023-33793

A stored cross-site scripting XSS vulnerability in the Create Power Panels /dcim/power-panels/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVE-2023-25598

A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation for the home.php page. A successful...

CVE-2023-31457

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...

CVE-2023-33829

A stored cross-site scripting XSS vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...