Cross-Site Scripting

An attacker can inject harmful JavaScript code into the Adrenalin HRMS system, which can then be executed in the browsers of users who view the affected report. This vulnerability requires the attacker to manipulate the 'ReportId' parameter on a specific page, allowing them to target users without needing to authenticate.

This vulnerability allows an attacker to inject malicious JavaScript into the Adrenalin HRMS software, which can then be executed in the browsers of users who visit a specially crafted link. To exploit this, the attacker needs to trick users into clicking on a link that includes their malicious code in the parameters of the request.

This vulnerability allows an attacker to inject malicious JavaScript code into the HR management software, which can then be executed in the browsers of users who view the affected page. It requires the attacker to trick a user into clicking a specially crafted link that includes the harmful code in the search parameters.

This vulnerability allows an attacker to inject malicious scripts into the Adrenalin HRMS software, which can then be executed in the browsers of users who visit the affected page. To exploit this, the attacker needs to trick users into clicking a specially crafted link that includes the harmful script.

This vulnerability allows an attacker to inject malicious JavaScript into a webpage, which can then execute in the browser of anyone who visits that page. To exploit this, the attacker needs to trick a user into clicking a link that includes their harmful code in the request to the affected HRMS software.

This vulnerability allows an attacker to inject malicious scripts into the MiniCMS website, which can then be executed in the browsers of users visiting the site. It occurs when the website improperly handles input in the "date" parameter of a specific page, meaning an attacker needs to trick users into visiting a specially crafted link to exploit it.

An attacker can inject and run malicious scripts in a user's browser when they visit a specific page on the webpagetest site, potentially stealing sensitive information or manipulating the user's session. This occurs because the site does not properly filter user input, allowing harmful code to be executed if a user is tricked into clicking a specially crafted link.

An attacker can inject and run malicious scripts in a user's browser when they visit a specific page on a vulnerable webpagetest site. This happens because the site doesn't properly filter user input for a color setting, allowing the attacker to manipulate the page's content if they can trick someone into visiting a crafted link.

This vulnerability allows an attacker to inject malicious scripts into a web page, which could then be executed in the browser of anyone visiting the affected site. It occurs when a user accesses the installation page with a specially crafted URL, making it possible for the attacker to manipulate the content displayed to users.

This vulnerability allows attackers to inject malicious scripts into the admin page of Quick.Cms and Quick.Cart, potentially compromising the site and its users. It affects versions downloaded before December 19, 2012, and requires the attacker to manipulate the URL to exploit the flaw.