53 matches found
CVE-2020-23814
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2) AddressList parameter in JobGroupController.java file...
EUVD-2020-17976
Malware in sbrugna...
CVE-2024-47590
An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XSS) or transmitted to...
CVE-2024-2259 Reflected XSS Vulnerability in InstaRISPACS Software
This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerabl...
CVE-2024-41910
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used...
CVE-2024-41910
The CVE-2024-41910 entry refers to Poly Clariti Manager devices, with firmware builds up to 10.10.2.2 affected. The connected documents specify multiple cross-site scripting (XSS) vulnerabilities in the JavaScript used by the firmware. There are no explicit exploitation details provided in the do...
CVE-2023-34412 Stored XSS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower than 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)...
marches-securises.fr Cross Site Scripting vulnerability OBB-3578132
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
short.sabbertran.de Cross Site Scripting vulnerability OBB-3230105
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2022-10521 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: Feehi CMS versions 2.1.1 and earlier. Description: The issue allows attackers to run arbitrary code via the user name field of the "/login" API endpoint. This is a Cross Site Scripting (XSS) issue, which means attackers can inject malicious...
support.cityofames.org Cross Site Scripting vulnerability OBB-2496914
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-29104
ArcGIS Server Manager stored Cross-Site Scripting (XSS) vulnerability affects ArcGIS Server Manager 10.8.1 and earlier. A remote, unauthenticated attacker could pass and store malicious strings in the ArcGIS Server Manager application due to the stored XSS flaw. Remediation is available via the A...
WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/contact-form-by-supsystic.1.7.5.zip Version: 1.7.5 Tested on:...
openSUSE Security Update : otrs (openSUSE-2020-1475)
Otrs was updated to 5.0.42, fixing lots of bugs and security issues : https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo1168029 OSA-2020-10 : - Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset...
arabiasaudita2.web.at.it Cross Site Scripting vulnerability OBB-1259923
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
xxhwxw.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1161253. Security Researcher g0bl1nsec (helped patch 3768 vulnerabilities; received 4 Coordinated Disclosure badges; received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting xxhwxw.com website and it...
mpsr.sk Cross Site Scripting vulnerability
Security Researcher milankyselica (helped patch 177 vulnerabilities; received 2 Coordinated Disclosure badges; received 4 recommendations), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting mpsr.sk website and its users. Following coordinated a...
Fedora 30 : rubygem-loofah (2020-1ebc4b8284)
Fix XSS when a crafted SVG element is republished. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues....