27433 matches found

CVE
added 2024/11/15 12:00 a.m. | 47 views

CVE-2024-48068

CVE-2024-48068 concerns a cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co., LTD Landray EKP v16 and earlier. The issue allows an attacker to execute arbitrary web scripts or HTML via a crafted payload. Affected product: Landray EKP v16 and earlier (Office automation solut...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00249
Exploits: 0 | References: 2
Cvelist
added 2024/11/13 12:00 a.m. | 16 views

CVE-2024-42834

A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...

EPSS: 0.00466
Exploits: 0 | References: 1
CNVD
added 2024/11/13 12:00 a.m. | 9 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-45898)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS: 5.4 | AI score: 7.2 | EPSS: 0.00369
Exploits: 0 | References: 1
BDU FSTEC
added 2024/11/08 12:00 a.m. | 6 views

The vulnerability of the cgi_user_add function in the CGI script /cgi-bin/account_mgr.cgi?cmd=cgi_user_add allows a hacker to execute arbitrary commands. This vulnerability affects microprogrammed devices from the D-Link series: DNS-320, DNS-320LW, DNS-325, and DNS-340L.

The vulnerability of the cgi_user_add function in the CGI script /cgi-bin/account_mgr.cgi?cmd=cgi_user_add in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L devices is related to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.97432
Exploits: 11 | References: 7 | Affected Software: 4
CNNVD
added 2024/10/22 12:00 a.m. | 3 views

pfSense Cross-Site Scripting Vulnerability

pfSense is a set of network firewalls based on FreeBSD Linux. A security vulnerability exists in pfSense version v2.5.2, which stems from vulnerability to cross-site scripting attacks and allows an attacker to execute arbitrary web script or HTML via a crafted payload...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.77891
Exploits: 3 | References: 4
OpenVAS
added 2024/10/18 12:00 a.m. | 10 views

Synology Router Manager (SRM) 1.3.x Multiple Vulnerabilities (Synology-SA-24:16) - Remote Known Vulnerable Versions Check

Synology Router Manager (SRM) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 7.2 | AI score: 5.8 | EPSS: 0.01148
Exploits: 0 | References: 1
Tenable Nessus
added 2024/10/16 12:00 a.m. | 18 views

Qnap QTS Cross-site Scripting (CVE-2017-7631)

Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. This plugin only works with Tenable.ot. Please visit...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00773
Exploits: 0 | References: 2
NVD
added 2024/10/09 11:15 p.m. | 23 views

CVE-2024-48933

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters...

CVSS: 6.1 | EPSS: 0.003
Exploits: 0 | References: 2
OSV
added 2024/10/09 11:15 p.m. | 11 views

CVE-2024-48933

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters...

CVSS: 6.1 | AI score: 5.3
Exploits: 0 | References: 2
Cvelist
added 2024/10/09 12:00 a.m. | 17 views

CVE-2024-48933

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters...

EPSS: 0.003
Exploits: 0 | References: 1
CVE
added 2024/10/09 12:00 a.m. | 63 views

CVE-2024-48933

LemonLDAP::NG is affected by CVE-2024-48933: an XSS in the login page via username when userControl allows special HTML characters. Affected versions are prior to 2.19.3. Remediation is to upgrade to a fixed release (e.g., 2.19.3+; later advisories mention 2.20.1 as a fix). The issue is a client-...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.003
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/10/09 12:00 a.m. | 13 views

CVE-2024-48933

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters...

AI score: 5.5 | EPSS: 0.003
Exploits: 0 | References: 1
Debian CVE
added 2024/10/09 12:00 a.m. | 9 views

CVE-2024-48933

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters...

CVSS: 6.1 | AI score: 5.3 | EPSS: 0.003
Exploits: 0
NVD
added 2024/10/04 6:15 p.m. | 13 views

CVE-2024-41514

A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter...

CVSS: 5.4 | EPSS: 0.00388
Exploits: 1 | References: 3
NVD
added 2024/10/04 6:15 p.m. | 11 views

CVE-2024-41515

A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "resurl" parameter...

CVSS: 5.4 | EPSS: 0.00388
Exploits: 1 | References: 3
NVD
added 2024/10/04 6:15 p.m. | 12 views

CVE-2024-41516

A reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter...

CVSS: 5.4 | EPSS: 0.00388
Exploits: 1 | References: 3
NVD
added 2024/10/04 6:15 a.m. | 12 views

CVE-2024-47854

An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...

CVSS: 6.1 | EPSS: 0.00657
Exploits: 1 | References: 2
Cvelist
added 2024/10/04 12:00 a.m. | 13 views

CVE-2024-41515

A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "resurl" parameter...

EPSS: 0.00388
Exploits: 1 | References: 3
Cvelist
added 2024/10/04 12:00 a.m. | 12 views

CVE-2024-41514

A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter...

EPSS: 0.00388
Exploits: 1 | References: 3
Vulnrichment
added 2024/10/04 12:00 a.m. | 12 views

CVE-2024-41515

A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "resurl" parameter...

AI score: 5.7 | EPSS: 0.00388
Exploits: 1 | References: 3