EUVD-2022-4006

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-38057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript...

SUSE CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

UBUNTU-CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVE-2023-38057 XSS stored in survey answers

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVE-2023-38057 XSS stored in survey answers

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

SUSE CVE-2015-5336

Multiple cross-site scripting XSS vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey...

BigCommerec Interspire Email Marketer SQL注入漏洞

BigCommerec Interspire Email Marketer IEM is a suite of email marketing software from BigCommerec, USA. BigCommerec Interspire Email Marketer version 6.0.0 suffers from a SQL injection vulnerability that originates from allowing SQL injection in the survey module, which can be exploited by an...

GHSA-GRVW-QQ2J-R898 Moodle multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey...

Moodle multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey...

CVE-2021-21434 XSS in Survey Module

Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface i.e. another agent who wants to make changes in the survey. This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior versions...

Cross-site Scripting (XSS)

Moodle is vulnerable to cross-site scripting XSS. Authenticated attackers can leverage a flaw in the survey module and the student role to inject web script into a survey answer...

CVE-2015-5336

Multiple cross-site scripting XSS vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey...

UBUNTU-CVE-2015-5336

Multiple cross-site scripting XSS vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey...

CVE-2015-5336

Multiple cross-site scripting XSS vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey...

CVE-2015-5336

Moodle has multiple XSS vulnerabilities in the survey module identified as CVE-2015-5336. Affected versions include Moodle up to 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3. The issue allows remote authenticated users (leveraging the student role) to inject arbit...

PHP-Nuke 6.x/7.0 Survey Module SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9305/info A vulnerability has been reported to exist in the Survey module of PHP-Nuke that may allow a remote attacker to inject malicious SQL syntax into database queries. The source of this issue is insufficient...