27433 matches found
CVE-2024-47854
CVE-2024-47854 describes a reflected XSS vulnerability in Veritas Data Insight before 7.1. The issue allows a remote attacker to inject arbitrary web script into an HTTP request, which could be reflected to an authenticated user if executed, due to insufficient sanitization. Affected software: Ve...
CVE-2024-47854
An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...
CVE-2024-41516
A reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter...
CVE-2024-41513
A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter...
CVE-2024-41514
A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter...
CVE-2024-41516
CVE-2024-41516 is a reflected XSS in CADClick
CVE-2024-41513
CADClick v1.11.0 and earlier is affected by a reflected XSS in Artikel.aspx, exploitable via the searchindex parameter. The vulnerability (CVE-2024-41513) allows remote attackers to inject script/HTML, with CVSS:3.1 base score 5.4 (Network, Low skill, Privileges required: Low, User interaction re...
CVE-2024-41514
CADClick v1.11.0 and earlier is affected by a reflected XSS in PrevPgGroup.aspx, exploitable via the wer parameter to inject arbitrary script/HTML. Affected component: PrevPgGroup.aspx on CADClick; root cause: reflected XSS. Impact stated: remote attackers can run script in the victim’s browser (...
PT-2024-32853 · Veritas · Veritas Data Insight
Name of the Vulnerable Software and Affected Versions: Veritas Data Insight versions prior to 7.1
Description: A security issue was discovered that allows a remote attacker to inject an arbitrary web script into an HTTP request, which could reflect back to an authenticated user without sanitizati...
Synology DiskStation Manager Improper Neutralization of Input During Web Page Generation (CVE-2017-16774)
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. This plugin only works with Tenable.ot. Please visit...
Synology DiskStation Manager Improper Neutralization of Input During Web Page Generation (CVE-2018-13293)
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. This plugin only works with Tenable.ot. Please visit...
Synology DiskStation Manager Cross-site Scripting (CVE-2018-8917)
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mor...
Synology DiskStation Manager Cross-site Scripting (CVE-2012-1556)
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photoone.php. This plugin only works with Tenable.ot. Please visit...
CVE-2024-46333
An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...
SAP NetWeaver AS Cross-Site Scripting Vulnerability (CNVD-2024-49630)
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS suffers from a cross-site scripting vulnerability that stems from insufficient encoding of user-controlled input, which can be exploited ...
NetIQ Advanced Authentication Cross-Site Scripting Vulnerability
NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A cross-site scripting vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1, which stems from ...
Fortinet FortiSOAR Cross-Site Scripting Vulnerability (CNVD-2025-00411)
Fortinet FortiSOAR is a Security Orchestration, Automation and Response (SOAR) solution from Fortinet. Fortinet FortiSOAR suffers from a cross-site scripting vulnerability that originates from improper neutralization of input during web page generation. A remote attacker could exploit this...
Kashipara Music Management System Cross-Site Scripting Vulnerability (CNVD-2024-37431)
Kashipara Music Management System is a music management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Music Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the title and description parameters of...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-37811)
Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...