27433 matches found
CVE-2023-41153
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options...
WordPress Sunny Search plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
HumbertoCaldas CMS 0.1.3 Cross Site Scripting
Title: HumbertoCaldas Cms v0.1.3 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-bit |...
PT-2023-26713 · Badaso · Badaso
Name of the Vulnerable Software and Affected Versions: Badaso version 2.9.7. Description: A stored cross-site scripting (XSS) issue in the Edit Category function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. Recommendations: For...
CVE-2023-39707
CVE-2023-39707 concerns a stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0, allowing an attacker to inject arbitrary web scripts via the Add Expense field under Expense. The issue is tied to how input is handled in that parameter, enabling s...
CVE-2022-48547
A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...
Online Travel Agency System Cross-Site Scripting Vulnerability
Online Travel Agency System is an online travel agency system. A cross-site scripting vulnerability exists in Online Travel Agency System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the insert.php parameter description; an attacker can...
phpRecDB Cross-Site Scripting Vulnerability
phpRecDB is a free PHP script from phpRecDB Inc. It is used to create a real-time record collection website. A cross-site scripting vulnerability exists in phpRecDB version 1.3.1, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter r/view of the fi...
ZOHO ManageEngine Password Manager Pro Cross-Site Scripting Vulnerability
ZOHO ManageEngine Password Manager Pro is a password manager from ZOHO USA. ZOHO ManageEngine Password Manager Pro suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the query report function, which can be...
ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2023-64218)
ChurchCRM is an open source CRM system for churches. A cross-site scripting vulnerability exists in ChurchCRM version 4.2.1, which stems from the lack of effective filtering and escaping of user-supplied data in the Add New Deposit field of the View All Deposit module, and can be exploited by an...
Gila CMS Cross-Site Scripting Vulnerability (CNVD-2023-64115)
Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in Gila CMS version 1.11.3, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter admuser, and can be exploited by an attacke...
CrafterCMS is an open source headless CMS for enterprise-level websites and other content-driven digital experiences, especially those that are high-performance, large-scale and ultra-secure. CrafterCMS suffers from a cross-site scripting vulnerability in versions 3.1.0 through 3.1.27 and 4.0.0 through 4.0.2. The vulnerability is due to improper neutralization of inputs during page generation, allowing for reflected XSS. No further vulnerability details are available at this time.
Netbox Cross-Site Scripting Vulnerability
NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A security vulnerability exists in Netbox version v3.4.7 that allows attackers to execute arbitrary web script ...
Cross-Site Scripting (XSS)
Odoo is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability allows a remote attacker to inject arbitrary web script via the browser of a victim, by posting crafted content...
Cleaning Business Software Cross-Site Scripting Vulnerability
Cleaning Business Software is an open source cleaning business application from PHPJabbers. A cross-site scripting vulnerability exists in Cleaning Business Software v1.0, which stems from the parameter index of the file /index.php, where user-supplied data lacks effective...
Simple Online Mens Salon Management System Cross-Site Scripting Vulnerability
Simple Online Mens Salon Management System is an open source men's salon management system. A cross-site scripting vulnerability exists in Simple Online Mens Salon Management System v1.0, which stems from the file /admin/?page=user/list parameter First Name/Last Name/Username on the...
Moxa Industrial Managed Switch Cross-site Scripting (CVE-2015-6466)
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. This plugin only works with Tenable.ot...
Security Bulletin: IBM TRIRIGA Application Platform susceptible to clickjacking (CBE-2017-4015)
Summary: TRIRIGA could allow a remote authenticated attacker to hijack the clicking action of the victim, caused by improper validation of user supplied HTTP response header. Vulnerability Details: CVEID: CVE-2017-4015. DESCRIPTION: McAfee Network Data Loss Prevention could allow a remote authenticate...