HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters.
An unauthenticated remote attack
HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will ca
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan
A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491). The vulnerability
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into a
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show,
Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.020241004 allows a remote attacker to execute arbitrary code via the error parameter in URL
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string wh
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string wh
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string wh
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string wh
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string wh
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected d
A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argu
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the p
A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary Ja
The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim’s browse
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component.
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and follow that may allow a remote, authenticated attacker to create a stored crafted link which when clicked co
Page 1+ Next →