Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2023-48254 | Cross-site Scripting vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. | 6.1 |
| 2024-01-10 | CVE-2023-48255 | Cross-site Scripting vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log. | 6.1 |
| 2024-01-10 | CVE-2023-48244 | Cross-site Scripting vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. | 6.1 |
| 2024-01-10 | CVE-2023-48248 | Cross-site Scripting vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file. | 5.4 |
| 2024-01-10 | CVE-2020-26628 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile. | 6.1 |
| 2024-01-10 | CVE-2023-51252 | Cross-site Scripting vulnerability in Publiccms 4.0 PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
| 2024-01-10 | CVE-2023-41781 | Cross-site Scripting vulnerability in ZTE Mf258 Firmware Ztestdv1.0.0B08/Ztestdv1.0.0B10 There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. | 6.1 |
| 2024-01-09 | CVE-2023-38827 | Cross-site Scripting vulnerability in Follettlearning Solutions Destiny 2001Au4 Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do. | 6.1 |
| 2024-01-09 | CVE-2023-50136 | Cross-site Scripting vulnerability in Jfinalcms Project Jfinalcms 5.0.0 Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. | 5.4 |
| 2024-01-09 | CVE-2024-0346 | Cross-site Scripting vulnerability in Vehicle Booking System Project Vehicle Booking System 1.0 A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. | 5.4 |