5 matches found
Cross site scripting
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...
CVE-2023-2686
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack...
Cross site scripting
Cross-site scripting vulnerability in GROWI v4.2 Series versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors...
JVN#57544707: GROWI vulnerable to cross-site scripting
GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by the developer. Products Affect...
JVN#12884935: FileZen vulnerable to directory traversal
FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains a directory traversal vulnerability CWE-22. Impact A remote attacker may upload an arbitrary file in the specific directory in the product. If a specialy...