Cross site scripting

A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates...

Cross site scripting

A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...

Online Payroll System Cross-Site Scripting Vulnerability

Online Payroll System is a system for distributing payroll online. A cross-site scripting vulnerability exists in Online Payroll System. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in /admin/employeeedit.php, which can be exploited to execute...

Online Computer and Laptop Store Cross-Site Scripting Vulnerability (CNVD-2023-29393)

Online Computer and Laptop Store is an online computer and laptop store from Carlo Montero's personal developer. A cross-site scripting vulnerability exists in Online Computer and Laptop Store v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in...

Online Payroll System Cross-Site Scripting Vulnerability (CNVD-2023-29397)

Online Payroll System is a system for distributing payroll online. A cross-site scripting vulnerability exists in Online Payroll System, which stems from the lack of effective filtering and escaping of user-supplied data in /admin/deductionedit.php, and can be exploited by attackers to execute...

Online Payroll System Cross-Site Scripting Vulnerability (CNVD-2023-29399)

Online Payroll System is a system for distributing payroll online. A cross-site scripting vulnerability exists in Online Payroll System. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in /admin/employeeadd.php, which can be exploited to execute...

CVE-2023-24721

A cross-site scripting XSS vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML...

CVE-2023-24721

A cross-site scripting XSS vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML...

Cross site scripting

The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and...

CVE-2023-27245

A cross-site scripting XSS vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module...

Cross site scripting

A cross-site scripting XSS vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module...

File Management Project 跨站脚本漏洞

FileOrbis File Management System is a file server management product from FileOrbis. A security vulnerability exists in File Management Project version 1.0.0. An attacker can exploit this vulnerability by injecting a specially crafted payload to execute arbitrary web script or HTML...

Cross site scripting

A cross-site scripting XSS vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module...

WordPress Bookly Plugin < 21.5.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:booking-wp-plugin:bookly"; if description...

Cross site scripting

The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

CVE-2023-27069

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...

Cross site scripting

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...