27433 matches found
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2023-9571000)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...
Apache NiFi cross-site scripting vulnerability (CNVD-2023-9665850)
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...
PT-2023-7584 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: Totolink X5000R version 9.1.0cu.2300 B20230112 Description: A critical issue affects the function...
Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion cross-site scripting vulnerability, the vulnerability stems from the lack of effective...
CVE-2023-6197
CVE-2023-6197 affects the Audio Merchant WordPress plugin (versions ≤ 5.0.4). The issue is Cross-Site Request Forgery caused by missing or incorrect nonce validation in audio_merchant_save_settings, enabling unauthenticated attackers to modify plugin settings and inject scripts via forged request...
GaatiTrack Courier Management System Cross-Site Scripting Vulnerability
GaatiTrack Courier Management System is a courier management system by Mayuri K. Individual developer. A cross-site scripting vulnerability exists in GaatiTrack Courier Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML...
CVE-2023-47797
Reflected cross-site scripting XSS vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the plbackurltitle parameter...
CVE-2023-47797
Reflected cross-site scripting XSS vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the plbackurltitle parameter...
CVE-2023-47797
Reflected cross-site scripting XSS vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the plbackurltitle parameter...
CVE-2023-47797
Reflected cross-site scripting XSS vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the plbackurltitle parameter...
phpMyFAQ FileName parameter cross-site scripting vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.2, which stems from the lack of effective filtering and escaping of user-supplied data in the FileName parameter of the file attachment upload function, an...
phpMyFAQ action parameter cross-site scripting vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.2, which stems from the lack of effective filtering and escaping of user-supplied data in the action parameter of admin/index.php?action=, and can be...
CVE-2023-47099
A Stored Cross-Site Scripting XSS vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server...
CVE-2023-47095
A Stored Cross-Site Scripting XSS vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server...
CVE-2023-47096
A Reflected Cross-Site Scripting XSS vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field...
CVE-2023-47094
A Stored Cross-Site Scripting XSS vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details...
CVE-2023-47097
A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...
CVE-2023-47098
A Stored Cross-Site Scripting XSS vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field...
Cross site scripting
A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...