CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption | 01.12.2022 | Martin Heiland |
| Med. | OX App Suite Cross Site Scripting / Command Injection | 02.09.2022 | Martin Heiland |
| Med. | OX App Suite 7.10.5 Cross Site Scripting | 22.03.2022 | Martin Heiland |
| Med. | OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting | 30.04.2021 | Martin Heiland |
| High | OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery | 19.10.2020 | Martin Heiland |
| Low | OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control | 05.01.2020 | Martin Heiland |
| Low | Open-Xchange OX Guard Cross Site Scripting / Signature Validation | 17.08.2019 | Hanno Boeck |
| Med. | Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure | 08.01.2019 | Secator |
| Low | Base Soundtouch 18.1.4 Cross Site Scripting | 08.01.2019 | Tim Schughart |
| Med. | OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal | 12.06.2018 | Martin Heiland |
| Low | Open-Xchange App Suite 7.8.1 Cross Site Scripting | 14.07.2016 | Sasi Levi |
| Low | Open-Xchange Server 6 / OX AppSuite Cross Site Scripting | 28.04.2015 | Martin Heiland |
| Low | Open-Xchange Server 6 / OX AppSuite 7.6.1 Cross Site Scripting | 06.01.2015 | John de Kroon |
| Med. | Open-Xchange 7.6.0 XSS / SSRF / Traversal | 16.09.2014 | Martin Heiland |
| Low | Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting | 18.03.2014 | Open-Xchange |
| Low | Open-Xchange 7.4.1 Script Insertion | 12.02.2014 | joernchen |
| Low | Open-Xchange AppSuite Script Insertion | 07.11.2013 | Martin Braun |


CVEMAP Search Results

CVE
Details
Description
2024-04-04
Waiting for details
CVE-2024-25690

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim's browser.

 
2024-01-31
Waiting for details
CVE-2024-24571

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.

 
2024-01-30
Waiting for details
CVE-2024-23841

apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input (e.g. by redirecting a user to a specifically-crafted link) or arrange to have malicious input be returned by a GraphQL server (e.g. by persisting it in a database). To fix this issue, please update to version 0.7.0 or later.

 
2024-01-01
Waiting for details
CVE-2024-0183

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability.

 
2023-12-12
Waiting for details
CVE-2022-47375

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.

 
2023-10-14
Waiting for details
CVE-2023-5582

A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147.

 
2023-09-15
Waiting for details
CVE-2023-4663

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9.

 
2023-08-30
Waiting for details
CVE-2023-4109

The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by an HTML Injection security vulnerability.

 
2023-08-14
Waiting for details
CVE-2022-4953

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.

 
2023-07-06
Waiting for details
CVE-2023-24497

Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the remote_subnet field of the database

 

 


Copyright 2024, cxsecurity.com

 
