Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-13 | CVE-2023-51064 | Cross-site Scripting vulnerability in Qstar Archive Storage Manager 30 QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table. | 6.1 |
| 2024-01-13 | CVE-2023-51067 | Cross-site Scripting vulnerability in Qstar Archive Storage Manager 30 An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. | 6.1 |
| 2024-01-13 | CVE-2023-51068 | Cross-site Scripting vulnerability in Qstar Archive Storage Manager 30 An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. | 5.4 |
| 2024-01-13 | CVE-2023-50072 | Cross-site Scripting vulnerability in Openkm 7.1.40 A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. | 5.4 |
| 2024-01-12 | CVE-2024-22492 | Cross-site Scripting vulnerability in Jfinalcms Project Jfinalcms 5.0.0 A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. | 5.4 |
| 2024-01-12 | CVE-2024-22493 | Cross-site Scripting vulnerability in Jfinalcms Project Jfinalcms 5.0.0 A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. | 5.4 |
| 2024-01-12 | CVE-2024-22494 | Cross-site Scripting vulnerability in Jfinalcms Project Jfinalcms 5.0.0 A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. | 5.4 |
| 2024-01-12 | CVE-2023-49258 | Cross-site Scripting vulnerability in Hongdian H8951-4G-Esp Firmware User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter. | 6.1 |
| 2024-01-12 | CVE-2023-49260 | Cross-site Scripting vulnerability in Hongdian H8951-4G-Esp Firmware An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. | 6.1 |
| 2024-01-12 | CVE-2023-51790 | Cross-site Scripting vulnerability in Piwigo 14.0.0 Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. | 6.1 |