Security
Headlines

Tag

#xss

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

CVE-2021-37386: WSTG - Latest | OWASP Foundation

Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.

CVE-2023-36656: Escape keys by yurishkuro · Pull Request #15 · mafintosh/json-markup

Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component.

Travelable 1.0 Cross Site Scripting

Travelable version 1.0 suffers from a persistent cross site scripting vulnerability.

BloodBank 1.1 Cross Site Scripting

BloodBank version 1.1 suffers from a cross site scripting vulnerability.

Carlisting 1.6 Cross Site Scripting

Carlisting version 1.6 suffers from a cross site scripting vulnerability.

Lawyer CMS 1.6 Cross Site Scripting

Lawyer CMS version 1.6 suffers from a cross site scripting vulnerability.

JobSeeker 1.5 Cross Site Scripting

JobSeeker version 1.5 suffers from a cross site scripting vulnerability.

Ecommerce 1.15 Cross Site Scripting

Ecommerce version 1.15 suffers from a cross site scripting vulnerability.

Insurance 1.2 Cross Site Scripting

Insurance version 1.2 suffers from a cross site scripting vulnerability.