Cross site scripting

A Stored Cross-Site Scripting XSS vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server...

Cross site scripting

A Stored Cross-Site Scripting XSS vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details...

Cross site scripting

A Stored Cross-Site Scripting XSS vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field...

CVE-2023-4390

Affected product: WordPress Popup box plugin (versions before 3.7.2). Vulnerability: admin+ stored cross-site scripting due to insufficient sanitization/escaping of certain Popup fields, enabling arbitrary script injection even when unfiltered_html is disallowed (notably in multisite setups). Imp...

CVE-2023-47096

A Reflected Cross-Site Scripting XSS vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field...

Gougucms Cross-Site Scripting Vulnerability

gougucms is a Chinese hook open source open source set based on ThinkPHP6 + Layui + MySql to build a lightweight general-purpose back-office management framework. gougucms v4.08.18 version of the existence of cross-site scripting vulnerability , the vulnerability stems from the application of the...

CVE-2023-47095

A Stored Cross-Site Scripting XSS vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server...

CVE-2023-47094

A Stored Cross-Site Scripting XSS vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details...

CVE-2023-47097

A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...

CVE-2023-47098

A Stored Cross-Site Scripting XSS vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field...

CVE-2023-47094

A Stored Cross-Site Scripting XSS vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details...

CVE-2023-47097

A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...

CVE-2023-46510

An issue in ZIONCOM Hong Kong Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function...

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS v.9.2.1, which stems from the lack of effective filtering and escaping of user-supplied data by t...

BIT-2023-42627

Multiple stored cross-site scripting XSS vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a 1...

BIT-2023-42497

Reflected cross-site scripting XSS vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the...

Evolution CMS Cross-Site Scripting Vulnerability (CNVD-2023-85602)

Evolution CMS is an open source PHP-based content management system CMS. Evolution CMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the uid parameter, which can be exploited by an attacker to execute...

CVE-2023-45471

The QAD Search Server is vulnerable to Stored Cross-Site Scripting XSS in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute...

Cross site scripting

The QAD Search Server is vulnerable to Stored Cross-Site Scripting XSS in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute...

CVE-2023-45471

The CVE-2023-45471 entry describes a Stored XSS flaw in QAD Search Server up to version 1.0.0.315 caused by insufficient index validation, allowing unauthenticated attackers to create an index and inject script that runs when users load the search page. Multiple connected documents corroborate th...