Lucene search
+L

13 matches found

redhatcve
redhatcve
added 2026/01/09 9:30 a.m.9 views

CVE-2023-29052

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for thi...

5.4CVSS7.1AI score0.00436EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-32656

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00436EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-20709

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00499EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/23 10:9 a.m.7 views

CVE-2024-23190

Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts...

5.4CVSS6.9AI score0.00499EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/04/08 8:9 a.m.12 views

CVE-2024-23190

Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts...

5.4CVSS6.8AI score0.00499EPSS
Exploits0References4
cvelist
cvelist
added 2024/04/08 8:9 a.m.29 views

CVE-2024-23190

Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts...

5.4CVSS5.8AI score0.00499EPSS
Exploits0References4
nvd
nvd
added 2024/01/08 9:15 a.m.31 views

CVE-2023-29052

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for thi...

5.4CVSS5.6AI score0.00436EPSS
Exploits0References3
prion
prion
added 2024/01/08 9:15 a.m.20 views

Code injection

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for thi...

4.9CVSS7.3AI score0.00436EPSS
Exploits0References2Affected Software1
prion
prion
added 2024/01/08 9:15 a.m.17 views

Code injection

User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this...

4.9CVSS7.1AI score0.00436EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2024/01/08 9:4 a.m.32 views

CVE-2023-41710

User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this...

5.4CVSS5.8AI score0.00436EPSS
Exploits0References2
cve
cve
added 2024/01/08 9:4 a.m.51 views

CVE-2023-29052

The CVE-2023-29052 issue is an Open-Xchange App Suite frontend cross-site scripting vulnerability arising from disclaimer texts in an upsell dialog that could contain unsanitized script code. Affected component: App Suite frontend (notably Open-Xchange App Suite frontend version 7.10.6-rev34 per ...

5.4CVSS5.6AI score0.00436EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2024/01/08 9:4 a.m.3 views

CVE-2023-29052

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for thi...

5.4CVSS7.3AI score0.00436EPSS
Exploits0References2
osv
osv
added 2024/01/08 9:4 a.m.29 views

CVE-2023-29052

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for thi...

5.4CVSS7.1AI score0.00436EPSS
Exploits0References5
Rows per page
Query Builder