The NethServer module installed as WebTop, produced by Sonicle, is affected by a stored cross site scripting vulnerability due to insufficient input sanitization and output escaping which allows an attacker to store a malicious payload as to execute arbitrary web scripts or HTML. Versions 7 and 8 are affected.
71dee722377e162d1e9feb9e21ad78ba3b875d892287e875ff81e8ff1b5fccf2
FusionInvoice version 2023-1.0 suffers from a persistent cross site scripting vulnerability.
025695812c81674c72c23cd6e0f848b4f9277e0d7574ffb741a4adf5ace223b8
CiviCRM version 5.59.alpha1 suffers from a persistent cross site scripting vulnerability.
fb8656ee1c35201c1ac4e4a5256172e19937245ddfd39f48aab653d7c4f2e4c4
GV-Edge Recording Manager version 2.2.3.0 suffers from a privilege escalation vulnerability.
b4e358b9f4225b98f697086ed63dac38775b10cd0cb5bac428df7fe2c497a8de
MilleGPG5 version 5.9.2 suffers from a local privilege escalation vulnerability due to incorrect access controls.
170b10b19175444a0ac5f5835ca8fe2bafd6554d1e4df279781d00be46f34722
File Replication Pro version 7.5.0 suffers from having insecure directory permissions that can allow a local attacker the ability to escalate privileges.
3138a60a71e273996458f75dde264765daef7445674e569f1253db4a7267de35
Avantune Genialcloud ProJ version 10 suffers from a cross site scripting vulnerability.
7a0d3b9dfd4b8e8ad8e6da668090859f7b1f76c4079023524c8bc929d6e1982f
PHProjekt PhpSimplyGest and MyProjects version 1.3.0 suffer from a cross site scripting vulnerability.
683da3b4055369ad271be51cb81dbf94818591a437064ded4119628be26cc697
TotalAV version 5.15.69 suffers from an unquoted service path vulnerability.
b4067cdc2ae6c288bb17fdcb1944098805ac09b753348b941b1e2a016ca7d586
Amica Prodigy version 1.7 suffers from a local privilege escalation vulnerability.
caec36a86ced790c36d4026e356ea824994c3321f03dc44832a08b9b40c8a551
WinWaste.NET version 1.0.6183.16475 allows a local unprivileged user to replace the executable with a malicious file that will be executed with LocalSystem privileges.
f138194908349f8509cd895a66bd8a4e906ecf14ebb462f8a8d1d9c962c5bf2f
Millewin version 13.39.028 suffers from a local privilege escalation issue due to insecure permission and unquoted service path vulnerabilities.
9c3a6a6a64b49d3d2a14af6f3258667c88074e9061ebec03c1f8e4cfe33078db
PHPJabbers Appointment Scheduler version 2.3 suffers from a cross site scripting vulnerability.
3f3a382ddbe5315a04dd191f3e4bfed9e6780f72a7ee0ec61bc3039d40259c90
PHPJabbers Appointment Scheduler 2.3 suffers from a cross site scripting vulnerability.
6d9f865f19e0ad489deb9399c4ddf39299e14a0507ba056a5a408033ba345e68
Mitel CS018 suffers from a call data information disclosure vulnerability.
574a3eece50e783f3a6b0d995aeb0864c36127106dad5f53c0ab1502c3a510de
Wondershare Dr.Fone version 3.0.0 suffers from an unquoted service path vulnerability.
26d7040b3fa2dbb8ced8f3b58bfb1ce674ab78449709550e871465d9e6e67d4f