321 matches found
CVE-2024-23864 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability...
CVE-2024-23859 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this...
CVE-2024-23855 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability coul...
Cross site scripting
SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation...
CentOS 7 : open-vm-tools (RHSA-2023:7279)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7279 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...
CVE-2023-28025
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...
Cross site scripting
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...
CVE-2023-28025 An HTML injection vulnerability can affect HCL BigFix Mobile / Modern Client Management
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...
Cross-Site Scripting (XSS)
SPS Commerce is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper serialization of user inputs which allows an attacker to inject and execute malicious scripts...
Cross-site Scripting (XSS)
com.jfinal, jfinal is vulnerable to Cross Site Scripting. The vulnerability exists due to improper validation or sanitization of user inputs which allows attackers to inject malicious JS payloads into the system...
Design/Logic Flaw
All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, o...
SQL Injection
hoteldruid is vulnerable to SQL Injection. The vulnerability is due to there is no sanitization of user inputs in idutentelog POST parameter. This allows an attacker to inject malicious SQL commands, and potentially leads to unauthorized data access...
SQL Injection
hoteldruid is vulnerable to SQL Injection. The vulnerability is due to there is no sanitization of user inputs in annonascita, annoscaddoc, giornonascita, giornoscaddoc, linguacli, mesenascita, and mesescaddoc parameters. This allows an attacker to inject malicious SQL commands, and potentially...
SQL Injection
hoteldruid is vulnerable to SQL injection. The vulnerability is due to there is no sanitization of user inputs in numcaselle POST parameter. This allows an attacker to inject malicious SQL commands, and potentially leads to unauthorized data access...
SQL Injection
hoteldruid is vulnerable to SQL Injection. The vulnerability is due to there is no sanitization of user inputs in nutenteagg POST parameter. This allows an attacker to inject malicious SQL commands, and potentially leads to unauthorized data access...
Cross-Site Scripting (XSS)
hoteldruid is vulnerable to Cross-Site Scripting. The vulnerability due to insufficient validation or sanitization of user inputs, in the destinatarioemail1 POST parameter. This allows attackers to inject and execute malicious scripts within the application...
RHEL 8 : open-vm-tools (RHSA-2023:7261)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7261 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...
RHEL 8 : open-vm-tools (RHSA-2023:7262)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7262 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...
RHEL 9 : open-vm-tools (RHSA-2023:7277)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7277 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...
CVE-2023-46097
A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database...