CWE:
| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption | 01.12.2022 | Martin Heiland |
| Med. | OX App Suite Cross Site Scripting / Command Injection | 02.09.2022 | Martin Heiland |
| Med. | OX App Suite 7.10.5 Cross Site Scripting | 22.03.2022 | Martin Heiland |
| Med. | OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting | 30.04.2021 | Martin Heiland |
| High | OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery | 19.10.2020 | Martin Heiland |
| Low | OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control | 05.01.2020 | Martin Heiland |
| Low | Open-Xchange OX Guard Cross Site Scripting / Signature Validation | 17.08.2019 | Hanno Boeck |
| Med. | Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure | 08.01.2019 | Secator |
| Low | Base Soundtouch 18.1.4 Cross Site Scripting | 08.01.2019 | Tim Schughart |
| Med. | OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal | 12.06.2018 | Martin Heiland |
| Low | Open-Xchange App Suite 7.8.1 Cross Site Scripting | 14.07.2016 | Sasi Levi |
| Low | Open-Xchange Server 6 / OX AppSuite Cross Site Scripting | 28.04.2015 | Martin Heiland |
| Low | Open-Xchange Server 6 / OX AppSuite 7.6.1 Cross Site Scripting | 06.01.2015 | John de Kroon |
| Med. | Open-Xchange 7.6.0 XSS / SSRF / Traversal | 16.09.2014 | Martin Heiland |
| Low | Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting | 18.03.2014 | Open-Xchange |
| Low | Open-Xchange 7.4.1 Script Insertion | 12.02.2014 | joernchen |
| Low | Open-Xchange AppSuite Script Insertion | 07.11.2013 | Martin Braun |
CVEMAP Search Results
| Date | CVE | Description |
|------|-----|-------------|
| 2023-10-14 | CVE-2023-5582 | A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147. |
| 2023-09-15 | CVE-2023-4663 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9. |
| 2023-08-30 | CVE-2023-4109 | The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by an HTML Injection security vulnerability. |
| 2023-08-14 | CVE-2022-4953 | The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs. |
| 2023-07-06 | CVE-2023-24496 | Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the name field of the database. |
| 2023-07-06 | CVE-2023-24497 | Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the remote_subnet field of the database. |
| 2023-05-31 | CVE-2023-3017 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability. |
| 2023-05-30 | CVE-2023-2981 | A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230213 was assigned to this vulnerability. |
| 2023-05-10 | CVE-2023-25833 | There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim's browser (no stateful change made or customer data rendered). |
| 2023-05-03 | CVE-2023-1384 | The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. |
Copyright 2023, cxsecurity.com