EUVD-2023-48108

Malicious code in bioql PyPI...

Design/Logic Flaw

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser...

CVE-2023-43734 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-43733 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "companyaddress" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

Security Bulletin: IBM CICS TX Standard is vulnerable to allowing access to a user's web browser session due to insufficiently protected credentials (CVE-2022-34311).

Summary IBM CICS TX Standard could allow access to a user's web browser session due to insufficiently protected credentials. The fix removes this vulnerability CVE-2022-34311 from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2022-34311 DESCRIPTION: IBM CICS TX could allow a user with...

Security Bulletin: IBM CICS TX Advanced is vulnerable to allowing access to a user's web browser session due to insufficiently protected credentials (CVE-2022-34311).

Summary IBM CICS TX Advanced could allow access to a user's web browser session due to insufficiently protected credentials. The fix removes this vulnerability CVE-2022-34311 from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2022-34311 DESCRIPTION: IBM CICS TX could allow a user with...

KonaWiki3 cross-site scripting vulnerability

KonaWiki3 is a very simple PHP Wiki engine.KonaWiki3 is vulnerable to cross-site scripting. An attacker can exploit this vulnerability to execute arbitrary scripts on a user's Web browser via specially crafted URLs...

Cross site scripting

An internal product security audit of Lenovo XClarity Administrator LXCA discovered a Document Object Model DOM based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The...

CVE-2019-5616

CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser...

Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) redirect-login mechanism (CVE-2014-6101)

Summary IBM Business Process Manager uses a mechanism to silently login users who have previously authenticated themselves. This mechanism is vulnerable to cross-site scripting attacks. Vulnerability Details CVE ID: CVE-2014-6101 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-si...

JVN#05493467: Simple keitai chat vulnerable to cross-site scripting

Simple keitai chat provided by LEMON-S PHP contains reflected and stored cross-site scripting vulnerabilities CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Simple keitai chat Simple keitai chat is no longer being developed or maintained. It is...

JVN#13684924: BBS X102 vulnerable to cross-site scripting

BBS X102 provided by guide-park.com is a bulletin board software. BBS X102 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Consider stop using BBS X102 Ver1.03 Since the developer was unreachable, existence of any...

JVN#02216739 Movable Type Enterprise cross-site scripting vulnerability

Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30385652 and JVN81490697. Impact An arbitrary script may be executed on an user's web browser. Solution Update the Software Update...

JVN#66303599 WebCart cross-site scripting vulnerability

WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version provided by the vendor. For more...

JVN#80271113 MODx cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MODx 0.9.2.x and earlier...