6719 matches found

Vulnrichment
added 2023/05/04 12:0 a.m. · 8 views

CVE-2023-27075

A cross-site scripting (XSS) vulnerability in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.3 AI score · 0.00409 EPSS
Exploits 1 · References 2
Vulnrichment
added 2023/05/04 12:0 a.m. · 8 views

CVE-2023-30094

A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module...

5.2 AI score · 0.00667 EPSS
Exploits 1 · References 3
CVE
added 2023/05/04 12:0 a.m. · 43 views

CVE-2023-30097

CVE-2023-30097 concerns TotalJS messenger. The vulnerability is a stored cross-site scripting (XSS) issue in the messenger, exploitable via a crafted payload injected into the private task field (commit b6cf1c9). Affected software is TotalJS messenger; underlying cause is stored XSS; impact is ex...

5.4 CVSS · 5.2 AI score · 0.00667 EPSS
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2023/05/04 12:0 a.m. · 2 views

MicroBin cross-site scripting vulnerability

MicroBin is an ultra-compact, feature-rich, configurable, self-contained and self-hosted pastebin web application from the individual developer Dániel Szabó. A security vulnerability exists in MicroBin version v1.2.0, which stems from a security issue in the component microbin/src/pasta.rs, and c...

5.4 CVSS · 6 AI score · 0.00409 EPSS
Exploits 1 · References 3
CVE
added 2023/05/04 12:0 a.m. · 52 views

CVE-2023-30095

CVE-2023-30095 affects TotalJS Messenger (commit b6cf1c9). It describes a stored XSS vulnerability in the channel description field, allowing an attacker to execute arbitrary web scripts or HTML in the context of the affected app. The vulnerability is evidenced across multiple sources, including ...

5.4 CVSS · 5.2 AI score · 0.00667 EPSS
Exploits 1 · References 3 · Affected Software 1
CVE
added 2023/05/04 12:0 a.m. · 41 views

CVE-2023-30096

CVE-2023-30096 concerns a stored XSS in TotalJS Messenger (commit b6cf1c9). The vulnerability arises in the user information field, allowing an attacker to inject crafted payloads that execute arbitrary web scripts/HTML when processed by the vulnerable component. Reported impact is limited to cli...

5.4 CVSS · 5.2 AI score · 0.00667 EPSS
Exploits 1 · References 3 · Affected Software 1
Prion
added 2023/05/03 9:15 p.m. · 17 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...

4.3 CVSS · 4.9 AI score · 0.00341 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/05/03 1:15 p.m. · 1 views

CVE-2023-1384

The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter, allowing arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5; Insignia TV with FireOS versions prior to 7.6.3.3...

6.1 CVSS · 6.5 AI score · 0.0038 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/05/03 12:0 a.m. · 6 views

CVE-2023-30205

A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...

5 AI score · 0.00341 EPSS
Exploits 0 · References 1
CNNVD
added 2023/05/02 12:0 a.m. · 3 views

ASUS RT-AC51U cross-site scripting vulnerability

The ASUS RT-AC51U is a wireless router from the Chinese company ASUS. A cross-site scripting vulnerability exists in ASUS RT-AC51U 3.0.0.4.380.8591 and earlier versions, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an...

5.2 CVSS · 5.9 AI score · 0.11578 EPSS
Exploits 1 · References 2
CNNVD
added 2023/04/28 12:0 a.m. · 3 views

Aigital Wireless-N Repeater Mini_Router cross-site scripting vulnerability

Aigital Wireless-N Repeater Mini-Router is a wireless router repeater from Aigital. A security vulnerability exists in Aigital Wireless-N Repeater MiniRouter version v0.131229, which stems from the presence of a cross-site scripting (XSS) vulnerability. An attacker could exploit this vulnerability ...

5.4 CVSS · 5.8 AI score · 0.2928 EPSS
Exploits 1 · References 2
Vulnrichment
added 2023/04/28 12:0 a.m. · 5 views

CVE-2023-30405

A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater MiniRouter v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wlssid parameter at /boafrm/formHomeWlanSetup...

5.3 AI score · 0.2928 EPSS
Exploits 1 · References 1
OSV
added 2023/04/27 2:15 a.m. · 3 views

CVE-2023-24836

SUNNET CTMS has a path traversal vulnerability within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service...

8.8 CVSS · 7.5 AI score · 0.01192 EPSS
Exploits 0 · References 1
NVD
added 2023/04/27 2:15 a.m. · 10 views

CVE-2023-24836

SUNNET CTMS has a path traversal vulnerability within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service...

8.8 CVSS · 8.9 AI score · 0.01192 EPSS
Exploits 0 · References 1
CNNVD
added 2023/04/27 12:0 a.m. · 4 views

Service Provider Management System cross-site scripting vulnerability

Service Provider Management System is a web-based application by Carlo Montero, an individual developer. It is designed to provide dynamic websites for service provider companies. A cross-site scripting vulnerability exists in Service Provider Management System version 1.0, which originates from...

5.4 CVSS · 6 AI score · 0.00564 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/04/27 12:0 a.m. · 3 views

PT-2023-19816 · Unknown · Sunnet Ctms

Name of the Vulnerable Software and Affected Versions: SUNNET CTMS (affected versions not specified). Description: The issue is related to a path traversal vulnerability within the file uploading function of SUNNET CTMS. This allows an authenticated remote attacker with general user privileges to...

8.8 CVSS · 8.6 AI score · 0.01192 EPSS
Exploits 0 · References 5
CNNVD
added 2023/04/27 12:0 a.m. · 5 views

Cisco Prime Collaboration Deployment cross-site scripting vulnerability

Cisco Prime Collaboration Deployment is a GUI interface from Cisco USA. It allows users to perform tasks such as migrations or upgrades on a list of servers. A cross-site scripting vulnerability exists in Cisco Prime Collaboration Deployment that stems from not properly validating user-supplied...

6.1 CVSS · 5.8 AI score · 0.00514 EPSS
Exploits 0 · References 2
OSV
added 2023/04/26 4:15 p.m. · 17 views

CVE-2022-27979

A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 2
CNNVD
added 2023/04/26 12:0 a.m. · 2 views

CLTPHP cross-site scripting vulnerability

CLTPHP is an open source and efficient site-building PHP content management system. A cross-site scripting vulnerability exists in CLTPHP version 6.0 and previous versions, which stems from the file Changyan.php lacking effective filtering and escaping of user-supplied data; an attacker ca...

6.1 CVSS · 6.5 AI score · 0.00395 EPSS
Exploits 0 · References 4
Vulnrichment
added 2023/04/25 12:0 a.m. · 6 views

CVE-2023-30417

A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message...

5.8 AI score · 0.004 EPSS
Exploits 1 · References 1