5210 matches found
Cross site scripting
74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...
CVE-2022-41472
74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...
CVE-2022-35612
A cross-site scripting XSS vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field...
CVE-2022-41392
A cross-site scripting XSS vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings...
Cross site scripting
A cross-site scripting XSS vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings...
CVE-2022-41392
The CVE-2022-41392 entry affects TotalJS (commit 8c2c8909). The vulnerability is an XSS flaw exposed via the Website name field in Main Settings, where a crafted payload can execute arbitrary web scripts or HTML. Core details specify the vulnerable component and version (TotalJS 8c2c8909) and des...
CVE-2022-42247
pfSense v2.5.2 was discovered to contain a cross-site scripting XSS vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name...
CVE-2022-42247
pfSense v2.5.2 was discovered to contain a cross-site scripting XSS vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name...
Cross site scripting
pfSense v2.5.2 was discovered to contain a cross-site scripting XSS vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name...
PT-2022-26332 · Pfsense · Pfsense
Name of the Vulnerable Software and Affected Versions: pfSense version 2.5.2 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name, due to a cross-site scripting XSS vulnerability in the browser.php component...
Centreon contains cross-site scripting vulnerability via esc_name parameter
Centreon v20.10.18 was discovered to contain a cross-site scripting XSS vulnerability via the escname Escalation Name parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Versions...
CVE-2022-40044
Centreon v20.10.18 was discovered to contain a cross-site scripting XSS vulnerability via the escname Escalation Name parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
Cross site scripting
Centreon v20.10.18 was discovered to contain a cross-site scripting XSS vulnerability via the escname Escalation Name parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
CVE-2022-40044
Centreon v20.10.18 was discovered to contain a cross-site scripting XSS vulnerability via the escname Escalation Name parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
CVE-2022-40044
Centreon v20.10.18 was discovered to contain a cross-site scripting XSS vulnerability via the escname Escalation Name parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
Cross site scripting
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...
Liferay Portal and Liferay DXP Vulnerable to XSS via Tag Name
A cross-site scripting XSS vulnerability in Liferay Asset Taglib before v6.1.9 from Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag...
GHSA-8MP9-W7GR-PVJ3 Liferay Portal and Liferay DXP Vulnerable to XSS via the filter_ Prefix
Multiple cross-site scripting XSS vulnerabilities in Liferay Fragment Renderer Collection Filter Implementation before v1.0.11 from Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter prefix...
Cross site scripting
Simple College Website v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /collegewebsite/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter...
CVE-2022-40088
Simple College Website v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /collegewebsite/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter...