Cross-Site Scripting

Cross-Site Scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. This can lead to session hijacking, credential theft, and phishing attacks.

Total CVEs: 25

Typical Severity: MEDIUM

Category: General

Understanding Cross-Site Scripting

Detailed information about this vulnerability type.

How to Identify

  • Review security advisories
  • Perform regular security testing

Prevention Best Practices

  • Follow security best practices
  • Keep systems updated

Cross-Site Scripting CVEs (25)

Each entry lists the CVE identifier with its severity score, a description, the vendor / product, the exploit status, and the date.

CVE-2026-26226 (severity score 5.3)
  Description: This vulnerability allows an attacker to inject malicious scripts into web pages by manipulating SVG diagrams created with the affected software. It occurs when user-defined styles and classes are not properly secured, enabling the attacker to execute harmful code if the diagrams are rendered in a web application.
  Vendor / Product: Unknown
  Exploit Status: Theoretical
  Date: Feb 13, 2026 (7 days ago)

CVE-2025-70095 (severity score 6.5)
  Description: This vulnerability allows attackers to run malicious scripts on the OpenSourcePOS platform, potentially stealing sensitive information from users or manipulating transactions. It occurs when an attacker can inject harmful code into the item management or sales invoice sections, which requires them to have access to those functions in the application.
  Vendor / Product: opensourcepos / open source point of sale
  Exploit Status: Theoretical
  Date: Feb 13, 2026 (7 days ago)

CVE-2025-70094 (severity score 6.5)
  Description: This vulnerability allows attackers to run malicious scripts in a user's browser by injecting harmful code into the Item Category field when generating barcodes. It requires the attacker to have access to the web interface of OpenSourcePOS, making it important for users to be cautious about input validation and access controls.
  Vendor / Product: opensourcepos / open source point of sale
  Exploit Status: Theoretical
  Date: Feb 13, 2026 (7 days ago)

CVE-2025-70091 (severity score 6.5)
  Description: This vulnerability allows attackers to run malicious scripts in a user's browser by injecting harmful code into the Phone Number field in the Customers function of OpenSourcePOS v3.4.1. It requires the attacker to trick a user into visiting a page where this code is executed, potentially leading to data theft or session hijacking.
  Vendor / Product: opensourcepos / open source point of sale
  Exploit Status: Theoretical
  Date: Feb 13, 2026 (7 days ago)

CVE-2026-1578 (severity score 5.1)
  Description: This vulnerability allows an attacker to inject malicious scripts into the HP App for Android, potentially compromising user data or hijacking sessions. It mainly affects users who are running outdated versions of the app on their mobile devices, so updating to the latest version is crucial for protection.
  Vendor / Product: Unknown
  Exploit Status: Exploit Available
  Date: Feb 13, 2026 (7 days ago)

CVE-2025-70845 (severity score 6.1)
  Description: This vulnerability allows an attacker to inject malicious scripts into the settings page of the lty628 aidigu application, which could then execute in the browsers of users visiting that page. To exploit this, the attacker needs to have access to the "intro" field on the settings page, where user input is not properly checked for harmful content.
  Vendor / Product: Unknown
  Exploit Status: Theoretical
  Date: Feb 12, 2026 (8 days ago)

CVE-2024-35224 (severity score 7.6)
  Description: This vulnerability allows an attacker to inject malicious JavaScript into the OpenProject application, potentially compromising other users' accounts. To exploit this, the attacker needs permissions to edit work packages and add attachments, and they could use this to target a System Admin for privilege escalation.
  Vendor / Product: openproject / openproject
  Exploit Status: Theoretical
  Date: May 23, 2024 (over 1 year ago)

CVE-2024-25709 (severity score 6.1)
  Description: An attacker can create a malicious link that, when saved by a user in Esri Portal for ArcGIS, can run harmful JavaScript code in that user's web browser. This can be done by anyone, even without special permissions, as long as they are logged in to the system.
  Vendor / Product: esri / portal for arcgis
  Exploit Status: Theoretical
  Date: Apr 4, 2024 (almost 2 years ago)

CVE-2024-25705 (severity score 5.4)
  Description: This vulnerability allows an attacker with basic access to create a malicious link that, when clicked by a user, can run harmful JavaScript code in their browser. The attacker only needs to be logged in with low-level permissions, making it relatively easy to exploit.
  Vendor / Product: esri / portal for arcgis
  Exploit Status: Exploit Available
  Date: Apr 4, 2024 (almost 2 years ago)

CVE-2023-47240 (severity score 6.5)
  Description: This vulnerability allows an attacker with contributor-level access to inject malicious scripts into the CBX Map plugin, which can then execute in the browsers of users who view the affected maps. This means that if an attacker can get contributor access, they can potentially steal sensitive information or perform actions on behalf of other users.
  Vendor / Product: codeboxr / cbx map
  Exploit Status: Exploit Available
  Date: Nov 16, 2023 (over 2 years ago)

CVE-2023-4451 (severity score 6.1)
  Description: This vulnerability allows an attacker to inject malicious scripts into a web page viewed by users of the cockpit application, potentially stealing sensitive information or performing actions on behalf of the user. It requires the attacker to trick a user into clicking a specially crafted link while using a vulnerable version of the software.
  Vendor / Product: agentejo / cockpit
  Exploit Status: Exploit Available
  Date: Aug 20, 2023 (over 2 years ago)

CVE-2023-25837 (severity score 8.4)
  Description: This vulnerability allows an attacker with high-level access to create a malicious link that, when clicked by a victim, can run harmful JavaScript in their browser. This could let the attacker steal sensitive information, alter trusted content, or disrupt the application's normal operations.
  Vendor / Product: esri / portal for arcgis
  Exploit Status: Exploit Available
  Date: Jul 21, 2023 (over 2 years ago)

CVE-2023-25835 (severity score 8.4)
  Description: This vulnerability allows an attacker with high-level access to create a malicious link that, when clicked by another user, can run harmful JavaScript in their browser. This could let the attacker steal sensitive information, change site content, or disrupt the site's normal operations, but it requires the attacker to already have elevated privileges within the system.
  Vendor / Product: esri / portal for arcgis
  Exploit Status: Theoretical
  Date: Jul 21, 2023 (over 2 years ago)

CVE-2023-25023 (severity score 4.8)
  Description: This vulnerability allows an attacker with admin access to inject malicious scripts into the Webinar Ignition plugin, which can then execute when other users view the affected content. It requires the attacker to have administrative privileges, making it a risk primarily for organizations with compromised admin accounts.
  Vendor / Product: saleswonder / webinarignition
  Exploit Status: Theoretical
  Date: Apr 7, 2023 (almost 3 years ago)

CVE-2023-24769 (severity score 5.4)
  Description: This vulnerability allows attackers to run harmful scripts in a user's browser by tricking them into clicking a specially crafted link when adding a new change detection watch. It requires the attacker to manipulate the URL, making it possible for them to target users of the affected software version before an update is applied.
  Vendor / Product: webtechnologies / changedetection
  Exploit Status: Exploit Available
  Date: Feb 17, 2023 (about 3 years ago)

CVE-2023-0676 (severity score 6.1)
  Description: This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users of the phpipam application, potentially stealing sensitive information like session cookies. It occurs when users click on specially crafted links, and it affects versions prior to 1.5.1.
  Vendor / Product: phpipam / phpipam
  Exploit Status: Exploit Available
  Date: Feb 4, 2023 (about 3 years ago)

CVE-2022-45970 (severity score 5.4)
  Description: This vulnerability allows an attacker to inject malicious scripts into the bulletin board feature of Alist, which could then run in the browsers of users visiting that page. To exploit this, the attacker needs to post a specially crafted message that tricks users into executing the harmful code.
  Vendor / Product: alistgo / alist
  Exploit Status: Theoretical
  Date: Dec 12, 2022 (about 3 years ago)

CVE-2022-4407 (severity score 6.1)
  Description: This vulnerability allows an attacker to inject malicious scripts into a web page viewed by users, potentially stealing their sensitive information or performing actions on their behalf. It affects versions of phpMyFAQ before 3.1.9 and requires the attacker to trick users into clicking on a specially crafted link.
  Vendor / Product: phpmyfaq / phpmyfaq
  Exploit Status: Exploit Available
  Date: Dec 11, 2022 (about 3 years ago)

CVE-2022-3766 (severity score 6.1)
  Description: This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users of the phpMyFAQ application, potentially stealing sensitive information like cookies or session tokens. It can be exploited when a user clicks on a specially crafted link, making it important for users to be cautious about the links they follow.
  Vendor / Product: phpmyfaq / phpmyfaq
  Exploit Status: Exploit Available
  Date: Oct 31, 2022 (over 3 years ago)

CVE-2022-26533 (severity score 6.1)
  Description: This vulnerability allows an attacker to inject malicious scripts into the Alist application, which could then run in the browsers of users who visit the affected page. To exploit this, the attacker needs to trick users into accessing a specially crafted URL that includes the harmful code.
  Vendor / Product: alistgo / alist
  Exploit Status: Theoretical
  Date: Mar 12, 2022 (almost 4 years ago)
Showing 1 to 20 of 25 results