Cross-Site Scripting

Cross-Site Scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. This can lead to session hijacking, credential theft, and phishing attacks.

Total CVEs: 110

Typical Severity: MEDIUM

Category: General

Understanding Cross-Site Scripting

Detailed information about this vulnerability type.

How to Identify

  • Review security advisories
  • Perform regular security testing

Prevention Best Practices

  • Follow security best practices
  • Keep systems updated

Cross-Site Scripting CVEs (110)

CVE-2023-4451 (score 6.1)
Description: This vulnerability allows an attacker to inject malicious scripts into a web page viewed by users of the cockpit application, potentially stealing sensitive information or performing actions on behalf of the user. It requires the attacker to trick a user into clicking a specially crafted link while using a vulnerable version of the software.
Vendor / Product: agentejo / cockpit
Exploit Status: Exploit Available
Date: Aug 20, 2023 (over 2 years ago)

CVE-2023-4145 (score 5.4)
Description: This vulnerability allows an attacker to inject malicious scripts into the customer management framework, which can then be executed in the browsers of users who access the affected application. It requires the attacker to have the ability to input data into the system, making it particularly dangerous if user-generated content is not properly sanitized.
Vendor / Product: pimcore / customer management framework
Exploit Status: Exploit Available
Date: Aug 3, 2023 (over 2 years ago)

CVE-2023-25837 (score 8.4)
Description: This vulnerability allows an attacker with high-level access to create a malicious link that, when clicked by a victim, can run harmful JavaScript in their browser. This could let the attacker steal sensitive information, alter trusted content, or disrupt the application's normal operations.
Vendor / Product: esri / portal for arcgis
Exploit Status: Exploit Available
Date: Jul 21, 2023 (over 2 years ago)

CVE-2023-25835 (score 8.4)
Description: This vulnerability allows an attacker with high-level access to create a malicious link that, when clicked by another user, can run harmful JavaScript in their browser. This could let the attacker steal sensitive information, change site content, or disrupt the site’s normal operations, but it requires the attacker to already have elevated privileges within the system.
Vendor / Product: esri / portal for arcgis
Exploit Status: Theoretical
Date: Jul 21, 2023 (over 2 years ago)

CVE-2023-29385 (score 6.1)
Description: This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users of the WP Abstracts plugin, potentially stealing sensitive information or performing actions on behalf of users. It can be exploited without authentication, meaning anyone can trigger it simply by visiting a specially crafted link.
Vendor / Product: kevonadonis / wp abstracts
Exploit Status: Exploit Available
Date: Jun 12, 2023 (almost 3 years ago)

CVE-2023-25023 (score 4.8)
Description: This vulnerability allows an attacker with admin access to inject malicious scripts into the Webinar Ignition plugin, which can then execute when other users view the affected content. It requires the attacker to have administrative privileges, making it a risk primarily for organizations with compromised admin accounts.
Vendor / Product: saleswonder / webinarignition
Exploit Status: Theoretical
Date: Apr 7, 2023 (about 3 years ago)

CVE-2023-24001 (score 4.8)
Description: This vulnerability allows an attacker with admin access to inject malicious scripts into the modal dialog plugin, which can then execute when other users interact with the affected site. It requires the attacker to have administrative privileges to exploit the flaw, making it a risk for sites where admin accounts could be compromised.
Vendor / Product: ylefebvre / modal dialog
Exploit Status: Theoretical
Date: Apr 6, 2023 (about 3 years ago)

CVE-2023-24769 (score 5.4)
Description: This vulnerability allows attackers to run harmful scripts on a user's browser by tricking them into clicking a specially crafted link when adding a new change detection watch. It requires the attacker to manipulate the URL, making it possible for them to target users of the affected software version before an update is applied.
Vendor / Product: webtechnologies / changedetection
Exploit Status: Exploit Available
Date: Feb 17, 2023 (about 3 years ago)

CVE-2023-0676 (score 6.1)
Description: This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users of the phpipam application, potentially stealing sensitive information like session cookies. It occurs when users click on specially crafted links, and it affects versions prior to 1.5.1.
Vendor / Product: phpipam / phpipam
Exploit Status: Exploit Available
Date: Feb 4, 2023 (about 3 years ago)

CVE-2023-0410 (score 6.1)
Description: This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, potentially stealing sensitive information or performing actions on their behalf. It affects versions of the qwik product before 0.1.0-beta5, and an attacker would need to trick users into visiting a compromised page to exploit it.
Vendor / Product: qwik / qwik
Exploit Status: Exploit Available
Date: Jan 20, 2023 (about 3 years ago)

CVE-2022-42462 (score 4.8)
Description: This vulnerability allows an attacker to inject malicious scripts into the IP Blacklist Cloud plugin, which can then be executed in the browsers of users who have access to the plugin. To exploit this, the attacker must have authenticated access to the plugin, meaning they need to log in as a legitimate user.
Vendor / Product: ad33lx / ip blacklist cloud
Exploit Status: Theoretical
Date: Jan 17, 2023 (about 3 years ago)

CVE-2022-45970 (score 5.4)
Description: This vulnerability allows an attacker to inject malicious scripts into the bulletin board feature of Alist, which could then run in the browsers of users visiting that page. To exploit this, the attacker needs to post a specially crafted message that tricks users into executing the harmful code.
Vendor / Product: alistgo / alist
Exploit Status: Theoretical
Date: Dec 12, 2022 (over 3 years ago)

CVE-2022-4407 (score 6.1)
Description: This vulnerability allows an attacker to inject malicious scripts into a web page viewed by users, potentially stealing their sensitive information or performing actions on their behalf. It affects versions of phpMyFAQ before 3.1.9 and requires the attacker to trick users into clicking on a specially crafted link.
Vendor / Product: phpmyfaq / phpmyfaq
Exploit Status: Exploit Available
Date: Dec 11, 2022 (over 3 years ago)

CVE-2022-3766 (score 6.1)
Description: This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users of the phpMyFAQ application, potentially stealing sensitive information like cookies or session tokens. It can be exploited when a user clicks on a specially crafted link, making it important for users to be cautious about the links they follow.
Vendor / Product: phpmyfaq / phpmyfaq
Exploit Status: Exploit Available
Date: Oct 31, 2022 (over 3 years ago)

CVE-2022-26533 (score 6.1)
Description: This vulnerability allows an attacker to inject malicious scripts into the Alist application, which could then run in the browsers of users who visit the affected page. To exploit this, the attacker needs to trick users into accessing a specially crafted URL that includes the harmful code.
Vendor / Product: alistgo / alist
Exploit Status: Theoretical
Date: Mar 12, 2022 (about 4 years ago)

CVE-2021-25115 (score 6.4)
Description: This vulnerability allows an attacker to inject malicious JavaScript code that can run in the admin panel of the WP Photo Album Plus plugin, potentially compromising the site. It can be exploited by any user, even those who are not logged in, simply by submitting harmful content that gets logged by the plugin.
Vendor / Product: wppa / wp photo album plus
Exploit Status: Exploit Available
Date: Feb 14, 2022 (about 4 years ago)

CVE-2022-22529 (score 6.1)
Description: An attacker can exploit a weakness in SAP Enterprise Threat Detection to inject malicious scripts into the user interface, potentially allowing them to steal sensitive information or perform actions on behalf of other users. This vulnerability arises because the system does not properly handle user inputs, and it mainly affects the web interfaces that rely on the SAP UI5 framework.
Vendor / Product: sap / enterprise threat detection
Exploit Status: Exploit Available
Date: Jan 14, 2022 (about 4 years ago)

CVE-2021-41372 (score 7.6)
Description: An attacker can upload a malicious Power BI template that includes harmful HTML files, which can then execute scripts in the context of a user’s session, potentially allowing the attacker to gain higher privileges if the victim has admin rights. This requires the victim to be tricked into accessing the malicious HTML files while logged into the Power BI Report Server.
Vendor / Product: microsoft / power bi report server
Exploit Status: Theoretical
Date: Nov 10, 2021 (over 4 years ago)

CVE-2021-35438 (score 6.1)
Description: This vulnerability allows an attacker to inject malicious scripts into the IP calculator feature of phpIPAM, which can then execute in the browser of anyone who visits the affected pages. To exploit this, the attacker needs to trick users into clicking on a specially crafted link that leads to the vulnerable pages.
Vendor / Product: phpipam / phpipam
Exploit Status: Theoretical
Date: Jun 23, 2021 (almost 5 years ago)

CVE-2015-9354 (score 4.8)
Description: This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users of the gigpress plugin for WordPress, potentially stealing sensitive information or hijacking user sessions. It can be exploited if the attacker can input data into the plugin without proper validation, which could happen in forms or comments.
Vendor / Product: tri / gigpress
Exploit Status: Exploit Available
Date: Aug 28, 2019 (over 6 years ago)

Showing 81 to 100 of 110 results