27433 matches found
SUSE CVE-2015-8393
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client...
SUSE CVE-2018-0618
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2023-24234
CVE-2023-24234 affects Inventory Management System v1, specifically the php-inventory-management-system/brand.php component. The vulnerability is a stored XSS that allows an attacker to inject arbitrary web scripts or HTML via the Brand Name parameter. Reported impact is execution of scripts with...
CVE-2022-46624
CVE-2022-46624 affects Online Graduate Tracer System v1.0.0 and is described as a cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web scripts or HTML through a crafted payload injected into the name parameter. Connected sources corroborate that the affected v...
CVE-2022-46889
A persistent cross-site scripting XSS vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...
CVE-2022-46889
A persistent cross-site scripting XSS vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...
CVE-2022-46888
Multiple reflective cross-site scripting XSS vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...
CVE-2022-46888
Multiple reflective cross-site scripting XSS vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...
CVE-2022-46889
A persistent cross-site scripting XSS vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...
EUVD-2022-49668
Multiple reflective cross-site scripting XSS vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...
CVE-2022-46889
CVE-2022-46889 affects NexusPHP prior to 1.7.33, with a persistent XSS in the title parameter of /subtitles.php exploited by remote authenticated attackers to inject arbitrary script/HTML. The issue is mitigated by upgrading to version 1.7.33 or later (see PT-2023-15096). Exploitation status is n...
CVE-2022-46889
A persistent cross-site scripting XSS vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...
CVE-2022-46888
CVE-2022-46888 concerns NexusPHP versions before 1.7.33 with multiple reflected XSS vulnerabilities. An attacker can inject arbitrary script/HTML via parameters in several endpoints: /login.php (secret), /user-ban-log.php (q), /log.php (query), /moresmiles.php (text), /myhr.php (q), and /viewrequ...
CVE-2022-3904
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics...
CVE-2022-42704
A cross-site scripting XSS vulnerability in Employee Service Center esc and Service Portal sp in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget...
CVE-2022-46622
A cross-site scripting XSS vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter...
PT-2023-15895 · Unknown · Capsadmin Pac3
Name of the Vulnerable Software and Affected Versions: CapsAdmin PAC3 affected versions not specified Description: A problematic issue was found in CapsAdmin PAC3, affecting some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the url argument leads to...
CVE-2021-43657
A Stored Cross-site scripting XSS vulnerability via MAster.php in Sourcecodetester Simple Client Management System SCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields...
CVE-2022-45033
CVE-2022-45033 refers to an XSS vulnerability in Expense Tracker 1.0 that enables an attacker to inject and execute arbitrary web scripts or HTML via the Chat text field. The root cause is improper input sanitization in the Chat field, enabling script execution in the victim’s browser. Affected s...
Cross site scripting
Multiple stored cross-site scripting XSS vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...