PT-2023-19384 · Nosh · Nosh

Name of the Vulnerable Software and Affected Versions: NOSH version 4a5cfdb Description: The issue allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the "/users/2/1" page...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 First name or 2 Last name field in the HUE Users page...