Cross-Site Scripting
Cross-Site Scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. This can lead to session hijacking, credential theft, and phishing attacks.
110 CVEs | Severity: MEDIUM | Category: General
Understanding Cross-Site Scripting
Detailed information about this vulnerability type.
How to Identify
- Review security advisories
- Perform regular security testing
Prevention Best Practices
- Follow security best practices
- Keep systems updated
Cross-Site Scripting CVEs (110)
| CVE | Score | Description | Vendor / Product | Exploit Status | Date |
|---|---|---|---|---|---|
| CVE-2016-20027 | 5.1 | This vulnerability allows attackers to run harmful scripts in a user's web browser when they click on a specially crafted link. It requires the attacker to trick the user into visiting that link while using the affected application, which could lead to stealing sensitive information or hijacking the user's session. | Unknown | Exploit Available | Mar 16, 2026 |
| CVE-2015-20116 | 5.1 | This vulnerability allows attackers to upload files with malicious scripts hidden in the filenames, which can then run harmful JavaScript in users' browsers when the files are viewed. It occurs because the system does not properly check or clean the filenames in the uploaded files, making it easy for attackers to exploit this weakness. | nextclickventures / realtyscript | Exploit Available | Mar 16, 2026 |
| CVE-2025-12454 | 5.1 | This vulnerability allows an attacker to inject malicious scripts into the Vertica management console, which can then be executed in the browser of anyone accessing the console. For this to work, the attacker needs to trick a user into clicking a specially crafted link that exploits the flaw, affecting multiple versions of the software. | Unknown | Exploit Available | Mar 13, 2026 |
| CVE-2025-12453 | 5.1 | This vulnerability allows an attacker to inject malicious scripts into the Vertica management console, which can then be executed in the browser of anyone who visits the affected page. To exploit this, the attacker needs to trick a user into clicking a specially crafted link that targets the vulnerable console. | Unknown | Theoretical | Mar 13, 2026 |
| CVE-2026-0489 | 6.1 | An attacker can inject malicious code into the SAP Business One Job Service through specially crafted URLs, potentially leading to a Cross-Site Scripting (XSS) attack when users interact with those links. This vulnerability requires the attacker to trick users into clicking on the harmful link, but it does not compromise the overall availability of the application. | Unknown | Exploit Available | Mar 10, 2026 |
| CVE-2025-40638 | 5.1 | An attacker can trick a user into clicking a malicious link that runs harmful JavaScript in their browser, potentially stealing sensitive information like session cookies or taking actions as if they were the user. This vulnerability occurs when the attacker manipulates the 'name' parameter in the search results page of Eventobot. | sbitsoft / eventobot | Exploit Available | Mar 9, 2026 |
| CVE-2026-30838 | 5.1 | This vulnerability allows an attacker to inject malicious HTML, like a script tag, into applications that use a specific Markdown parser to handle user input, potentially leading to cross-site scripting (XSS) attacks. It can be exploited by cleverly inserting whitespace in disallowed HTML tags, and it affects any application relying on the parser's built-in sanitization without additional protections. | thephpleague / commonmark | Exploit Available | Mar 7, 2026 |
| CVE-2026-29191 | 9.3 | This vulnerability allows an attacker to take over user accounts by exploiting a flaw in Zitadel's login interface, specifically through a cross-site scripting (XSS) attack on the /saml-post endpoint. It affects versions 4.0.0 to 4.11.1, and users should upgrade to version 4.12.0 to protect against this critical issue. | zitadel / zitadel | Theoretical | Mar 7, 2026 |
| CVE-2024-35644 | 5.9 | This vulnerability allows an attacker to inject malicious scripts into web pages, which can then execute in the browsers of users visiting those pages. It affects specific versions of the Preferred Languages software, and an attacker needs to find a way to manipulate the input that the software processes to exploit this weakness. | Unknown | Exploit Available | Mar 6, 2026 |
| CVE-2026-29183 | 6.1 | This vulnerability allows an attacker to inject malicious JavaScript into the SiYuan web application, which can then execute actions on behalf of a logged-in user if they click on a crafted link. It can be exploited without any authentication, making it particularly dangerous for users who might unknowingly open the link. | b3log / siyuan | Theoretical | Mar 6, 2026 |
| CVE-2026-29038 | 6.1 | An attacker can exploit a vulnerability in changedetection.io to inject malicious JavaScript into the web page, which could then be executed in the browser of anyone visiting that page. This happens when a user accesses a specific URL with a manipulated tag identifier, allowing the attacker to run harmful scripts without needing any special access. | webtechnologies / changedetection | Theoretical | Mar 6, 2026 |
| CVE-2025-40895 | 2.0 | This vulnerability allows a malicious user with admin access to a connected Guardian to inject harmful HTML into the CMC's Sensor Map feature, which could trick other users into clicking on phishing links. However, this can only happen if the Sensor Map is enabled, and the attack is limited because existing security measures prevent more serious exploits like full account takeover or data theft. | nozominetworks / cmc | Exploit Available | Mar 4, 2026 |
| CVE-2025-40894 | 2.1 | This vulnerability allows a malicious user with the right permissions to inject harmful HTML into a node label, which could then be displayed to other users in the Alerted Nodes Dashboard. While the risk of full exploitation is limited by existing security measures, it could still lead to phishing attempts or redirecting users to malicious sites if they interact with the affected alerts. | nozominetworks / cmc | Exploit Available | Mar 4, 2026 |
| CVE-2026-28772 | 5.1 | This vulnerability allows an attacker to run malicious scripts in a user's web browser by sending a specially crafted request to the device's web management interface. It requires the attacker to trick a user into clicking a link that includes the malicious code, which then gets executed without proper checks. | datacast / sfx2100 firmware | Theoretical | Mar 4, 2026 |
| CVE-2026-28771 | 5.1 | An attacker can inject malicious code into a webpage that users access through the SFX Series SuperFlex Satellite Receiver, which could allow them to run harmful scripts in the victims' browsers. This happens because the device doesn't properly check the input from users before displaying it, and it requires the victim to click on a specially crafted link to trigger the attack. | datacast / sfx2100 firmware | Exploit Available | Mar 4, 2026 |
| CVE-2026-28770 | 5.3 | This vulnerability allows an authenticated attacker to inject malicious XML code into the web management interface of a satellite receiver, potentially leading to reflected cross-site scripting (XSS) attacks. The attacker can exploit this flaw by manipulating the `file` parameter in a specific script, which could also open the door for further attacks like XML External Entity (XXE) attacks. | datacast / sfx2100 firmware | Theoretical | Mar 4, 2026 |
| CVE-2026-3343 | 5.1 | An attacker can trick an authenticated management user of Fireware OS into executing harmful JavaScript by clicking on a specially crafted link, potentially compromising their session or stealing sensitive information. This vulnerability affects specific versions of Fireware OS and requires the user to be logged in to the management interface when they click the link. | watchguard / fireware | Exploit Available | Mar 3, 2026 |
| CVE-2025-50186 | 4.8 | An attacker can upload a specially crafted CSV file that contains malicious code, which can then execute JavaScript when viewed by administrators or users who can access import logs. This vulnerability affects versions prior to 1.11.30 and relies on the attacker being able to upload files with unsafe names. | chamilo / chamilo lms | Exploit Available | Mar 2, 2026 |
| CVE-2026-3010 | 9.3 | This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users of the Microchip TimePictra software, potentially stealing sensitive information or hijacking user sessions. It affects versions 11.0 through 11.3 SP2, and requires the attacker to trick users into visiting a compromised page. | Unknown | Exploit Available | Feb 28, 2026 |
| CVE-2025-69437 | 8.7 | This vulnerability allows an attacker to upload a PDF file that contains malicious JavaScript, which can then execute when a user views the file, potentially stealing credentials or performing unauthorized actions. It affects all file upload points in the system, meaning any user with upload access can exploit this if they upload a specially crafted PDF. | publiccms / publiccms | Theoretical | Feb 27, 2026 |