Canon Medical Vitrea View Cross-Site Scripting Vulnerability
Canon Medical Vitrea View is a DICOM network-enabled enterprise viewing solution from Canon, Japan. A cross-site scripting vulnerability exists in Canon Medical Vitrea View, which is used to visually display DICOM and multimedia images. An attacker could use this vulnerability to execute arbitrar...
CVE-2022-39988
A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the ServiceTemplates servicealias parameter...
CVE-2022-42247
pfSense v2.5.2 contains a cross-site scripting (XSS) vulnerability in the browser.php component, allowing arbitrary web scripts or HTML to be executed via a crafted payload injected into a file name. The issue is documented in several sources (e.g., NVD, Red Hat, OSV, CVE lists). Connected docume...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to a...
CVE-2022-37461
Canon Medical Vitrea View is affected: XSS in Vitrea View 7.x before 7.7.6 can be triggered via the error subdirectory path or by parameters (groupID, offset, limit) in the Administrative Panel, potentially allowing access to patient information. Affected versions are 7.x up to 7.7.5; remediation...
CVE-2022-28978
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...
PT-2022-25170 · Sourcecodester · Sourcecodester Simple Task Managing System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Task Managing System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter in the newProjectValidation.php component. Thi...
WordPress KingComposer Plugin Cross-site Scripting (CVE-2020-15299)
A cross-site scripting vulnerability exists in WordPress KingComposer plugin. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Cross site scripting
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname"...
CVE-2022-36254
The connected PT-2022-23273 entry provides concrete details for CVE-2022-36254: tramyardg Hotel Management System 1.0 (index.php) is vulnerable to persistent XSS via the fullname parameter, enabling remote script/HTML injection. Affected component is index.php; root cause is improper handling of ...
CVE-2022-38256
TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-19914
Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function...
Cross site scripting
Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function...
CVE-2020-19914
CVE-2020-19914 concerns XiunoBBS 4.0.4 with a Cross Site Scripting (XSS) vulnerability exploitable through the attachment upload function, enabling remote script/HTML execution in the browser. The evidence across sources confirms the affected product and impact as described; exploitation status i...
Cross site scripting
A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the getproducts?search parameter...
CVE-2022-35493
CVE-2022-35493 affects eShop - Multipurpose Ecommerce Store Website version 3.0.4. Nuclei template and Red Hat/NVD references identify a reflected Cross-Site Scripting (XSS) vulnerability in the json search parse and the json response, exploitable via the get_products?search parameter on wrteam.i...
Student Management System Cross-Site Scripting Vulnerability
Student Management System is a simple web-based student management application by individual developer Sk. Amir Hamza of Bangladesh. A security vulnerability exists in Student Management System version v1.0, which originates in navbaraction.php and allows attackers to execute arbitrary web scrip...
Enhancesoft osTicket Cross-Site Scripting Vulnerability
Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. A security vulnerability exists in Enhancesoft osTicket, which stems from its component audit/class.audit.php that allows attackers to execute arbitrary web script or HTML via a crafted SVG file...
Jenkins Credentials Plugin Cross-site Scripting (CVE-2022-29036)
A cross-site scripting vulnerability exists in Jenkins Credentials Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...