CVE-2023-26912

MEDIUM Year: 2023
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button.

Related Vulnerabilities

CVE-2004-1865

MEDIUM
CVSS:4.8(Medium)

Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name (...

CWE-792004

CVE-2010-2472

MEDIUM
CVSS:4.8(Medium)

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which co...

CWE-792010

CVE-2011-3352

MEDIUM
CVSS:4.8(Medium)

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula admi...

CWE-792011

CVE-2012-1637

MEDIUM
CVSS:4.8(Medium)

Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.

CWE-792012

CVE-2012-1932

MEDIUM
CVSS:4.8(Medium)

A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.

CWE-792012

CVE-2012-2078

MEDIUM
CVSS:4.8(Medium)

Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.

CWE-792012