27433 matches found
CVE-2024-31651
A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
Campcodes Online Event Management System Cross-Site Scripting Vulnerability
Campcodes Online Event Management System is an online event management system. A cross-site scripting vulnerability exists in Campcodes Online Event Management System version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the msg parameter of the...
Student Management System units_view.php File Cross-Site Scripting Vulnerability
Student Management System is a simple web-based student management software. A cross-site scripting vulnerability exists in Student Management System version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the FirstRecord parameter of the units_view.php...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-17897)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-17893)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-17888)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Cobham SATCOM SAILOR VSAT Cross-Site Scripting Vulnerability
Cobham SATCOM SAILOR VSAT is a range of maritime satellite communications products from Cobham SATCOM, UK. A cross-site scripting vulnerability exists in Cobham SATCOM SAILOR VSAT Ku version v.164B019, which originates from a vulnerability that allows remote attackers to execute arbitrary code vi...
CVE-2024-30883
CVE-2024-30883 affects RageFrame2 v2.6.43 with a Reflected XSS in the aspectRatio parameter of the image cropping function. Exploitation could allow remote attackers to run arbitrary web scripts or HTML and access sensitive information. Public sources from NVD/Red Hat and third-party advisories c...
WordPress plugin WP Radio Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability (CNVD-2024-15727)
IBM WebSphere Application Server Liberty is a Java application server from International Business Machines (IBM) built on top of the Open Liberty project. A cross-site scripting vulnerability exists in IBM WebSphere Application Server Liberty versions 23.0.0.3 through 24.0.0.3, which stems from the...
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2024-15725)
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
IBM QRadar SIEM Cross-Site Scripting Vulnerability
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
IBM QRadar SIEM Cross-Site Scripting Vulnerability
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
DzzOffice Cross-Site Scripting Vulnerability (CNVD-2024-15545)
DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk DzzOffice. The platform can be used to provide online documents, forms, webstores, presentations and other features. A cross-site scripting vulnerability exists in dzzoffice...
Sentrifugo description parameter cross-site scripting vulnerability
Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A cross-site scripting vulnerability exists in Sentrifugo version 3.2, which stems from the lack of effective filteri...
GeoServer Cross-Site Scripting Vulnerability
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A cross-site scripting vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective filtering and escaping of user-supplied...
OneBlog Lab Module Cross-Site Scripting Vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from the lack of effective filtering and escaping of user-supplied data in the Category List parameter of the Lab module. An attacker can exploit the vulnerability by injecting a...
CVE-2024-28891
SQL injection vulnerability exists in the script HandlerCFG.ashx...
CVE-2023-48903
Stored cross-site scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML via the "imgType" parameter in uploadCarImages.php...