Security

Tag

#xss

CVE-2023-37135: EyouCMS V1.6.3 "Image Upload" module has cross-site storage vulnerability · Issue #48 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2023-37133: The "Column management" module of eyoucms1.6.3 has a storage XSS vulnerability · Issue #46 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2023-37124: SEACMS V12.1 has storage XSS vulnerability · Issue #24 · seacms-com/seacms

A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2023-37125: SEACMS V12.1 has storage XSS vulnerability · Issue #25 · seacms-com/seacms

A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2023-37122: BageCms3.1.0 has storage XSS vulnerability · Issue #6 · bagesoft/bagecms

A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module.

PiiGAB M-Bus

1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: PiiGAB, Processinformation i Göteborg Aktiebolag
Equipment: M-Bus SoftwarePack 900S
Vulnerabilities: Code Injection, Improper Restriction of Excessive Authentication Attempts, Unprotected Transport of Credentials, Use of Hard-coded Credentials, Plaintext Storage of a Password, Cross-site Scripting, Weak Password Requirements, Use of Password Hash with Insufficient Computational Effort, Cross-Site Request Forgery

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to inject arbitrary commands, steal passwords, or trick valid users into executing malicious commands.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

PiiGAB reports these vulnerabilities affect the following wireless meter reading software:

M-Bus SoftwarePack 900S

3.2 VULNERABILITY OVERVIEW

3.2.1 CODE INJECTION CWE-94

PiiGAB M-Bus does not correctly sanitize user input, which could all...

Debian Security Advisory 5447-1

Debian Linux Security Advisory 5447-1 - Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, a bypass of vandalism protections or information disclosure.

Archon CMS 3.14 Cross Site Scripting

Archon CMS version 3.14 suffers from a cross site scripting vulnerability.

CVE-2023-26137: HTTP Response Splitting in drogonframework/drogon

All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.

CVE-2023-3521

Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.