#xss

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.

A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi.

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter.

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory.

Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter.

Movierocket version 1.0 suffers from a cross site scripting vulnerability.

Codemonkey Multi Vendor Digital Product Mart version 1.0 suffers from a cross site scripting vulnerability.

Scriptio version 1.4 suffers from a cross site scripting vulnerability.

EasyAnswer version 1.0.1 suffers from a cross site scripting vulnerability.