CVE-2024-7938

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-7932 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-5624 Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL

Reflected Cross-Site Scripting XSS in Shift Logbook application of B&R APROL = R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session...

Reflected Cross-Site Scripting (XSS) in zenml

A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

CVE-2024-21504

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...

CVE-2023-28447

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

TrueConf Server Cross-Site Scripting Vulnerability (CNVD-2022-53542)

TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to a cross-site scripting vulnerability that originates from unknown code in the file /admin/conferences/get-all-status/, with the parameter...

CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

Cisco Identity Services Engine XSS (cisco-sa-ise-xxs-mf5cbYx5)

A cross-site scripting XSS vulnerability exists in Cisco Identity Services Engine web-based management interface due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a user to click a specially crafted UR...

Kentico CMS < 12.0.50 XSS

According to its self-reported version number, the version of Kentico CMS on the remote host is prior to 12.0.50. It is, therefore, affected by a cross-site scripting XSS vulnerability due to the Content-Type header being inconsistent with the file extension. An unauthenticated, remote attacker c...

Cisco Unity Connection Web Framework XSS (cisco-sa-20191002-cuc-xss)

A cross-site scripting XSS vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session...

PHP 7.0.x < 7.0.27 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.27. It is, therefore, affected by the following vulnerabilities : - A denial of service DoS vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gdgifin.c script...

NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability

Description NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfigUploadDescription' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser sessio...

DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery

!-- DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114.1 build 7114.0 build 7093.1 build 7093.0 buil...

Sophos Web Appliance < 4.3.1 Multiple Remote Command Injection Vulnerabilities

According to its self-reported version number, the Sophos Web Appliance software running on the remote host is prior to 4.3.1. It is, therefore, affected by multiple vulnerabilities : - A remote command injection vulnerability exists in the web administration interface in the...

Serendipity < 2.1.1 Multiple Vulnerabilities

According to its banner, the version of Serendipity running on the remote host is prior to 2.1.1. It is, therefore, affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists in the templates/2k11/admin/category.inc.tpl script due to improper validation of the...

Cisco Unified Communications Manager XSS (cisco-sa-20170517-ucm)

According to its self-reported version, the Cisco Unified Communications Manager CUCM running on the remote device is affected by a cross-site scripting XSS vulnerability in the web-based management interface due to improper validation of user-supplied input before returning it to users. An...

Dolibarr <= 4.0.4 Multiple Vulnerabilities - Active Check

Dolibarr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dolibarr:dolibarr"; ifdescription...

Mozilla Firefox < 50.1 Multiple Vulnerabilities

Binary data 9851.prm...

ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting

Exploit for jsp platform in category web applications !-- ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 5.3.12252 Summary: ZKAccess Systems ar...