CVE-2023-27760

CVE-2023-27760 affects Wondershare Filmora 12.0.9. The issue enables a local attacker to execute arbitrary commands via the filmora_setup_full846.exe installer/executable. The vulnerability is described as a command execution pathway in the installer, with impact described as high confidentiality...

Cross site scripting

ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to full account takeover...

CVE-2022-23057 ERPNext - Stored XSS in My Profile

In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-Site-Scripting XSS, due to user input not being validated properly. A low privileged attacker could inject arbitrary code into input fields when editing his profile...

Cross site scripting

A stored cross site scripting XSS vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file...