RHEL 8 : firefox (RHSA-2024:3783)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3783 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.9AI Score
0.0004EPSS
Moderate: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.8AI Score
0.0004EPSS
willdurand/js-translation-bundle potential path traversal attack and remote code injection
A path traversal and a javascript code injection vulnerabilities were identified in willdurand/js-translation-bundle versions prior to...
7.7AI Score
willdurand/js-translation-bundle potential path traversal attack and remote code injection
A path traversal and a javascript code injection vulnerabilities were identified in willdurand/js-translation-bundle versions prior to...
7.7AI Score
Zend-Navigation vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml() view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr(). In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack.....
5.8AI Score
Zend-Navigation vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml() view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr(). In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack.....
5.8AI Score
Zend-Form vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml() view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr(). In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack.....
5.8AI Score
Zend-Form vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml() view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr(). In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack.....
5.8AI Score
ZendFramework has potential Cross-site Scripting vector in multiple view helpers
Many Zend Framework 2 view helpers were using the escapeHtml() view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr(). In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack.....
5.8AI Score
ZendFramework has potential Cross-site Scripting vector in multiple view helpers
Many Zend Framework 2 view helpers were using the escapeHtml() view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr(). In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack.....
5.8AI Score
Zendframework has potential Cross-site Scripting vector in multiple view helpers
Many Zend Framework 2 view helpers were using the escapeHtml() view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr(). In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack.....
5.8AI Score
Zendframework has potential Cross-site Scripting vector in multiple view helpers
Many Zend Framework 2 view helpers were using the escapeHtml() view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr(). In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack.....
5.8AI Score
Cross-site scripting (XSS) vulnerability in Description metadata
Summary Regardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the.....
4.8CVSS
5.3AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in Description metadata
Summary Regardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the.....
4.8CVSS
5.3AI Score
0.001EPSS
Fedora: Security Advisory for qt5-qtwebchannel (FEDORA-2024-2e27372d4c)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for qt6-qtwebchannel (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for rust-sd (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Issue Overview: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. (CVE-2024-4367) If the browser.privatebrowsing.autostart...
7.9AI Score
0.0004EPSS
A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint /auth/saml/${org?.id}/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into...
7.4CVSS
6.4AI Score
0.0004EPSS
A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint /auth/saml/${org?.id}/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into...
7.4CVSS
0.0004EPSS
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,....
6.8CVSS
6.3AI Score
0.0004EPSS
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,....
6.8CVSS
0.0004EPSS
A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces,...
3.4CVSS
0.0004EPSS
A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces,...
3.4CVSS
6.9AI Score
0.0004EPSS
A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces,...
3.4CVSS
6.6AI Score
0.0004EPSS
A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them....
7.3CVSS
0.0004EPSS
A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them....
7.3CVSS
6.1AI Score
0.0004EPSS
A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them....
7.3CVSS
5.8AI Score
0.0004EPSS
A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without...
8.3CVSS
0.0004EPSS
A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without...
8.3CVSS
6.4AI Score
0.0004EPSS
A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without...
8.3CVSS
6.6AI Score
0.0004EPSS
CVE-2024-2288 CSRF File Upload Vulnerability in parisneo/lollms-webui
A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without...
8.3CVSS
0.0004EPSS
CVE-2024-2288 CSRF File Upload Vulnerability in parisneo/lollms-webui
A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without...
8.3CVSS
6.4AI Score
0.0004EPSS
CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,....
6.8CVSS
0.0004EPSS
CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,....
6.8CVSS
6AI Score
0.0004EPSS
CVE-2024-3166 Cross-Site Scripting (XSS) Vulnerability in mintplex-labs/anything-llm
A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces,...
3.4CVSS
0.0004EPSS
CVE-2024-3166 Cross-Site Scripting (XSS) Vulnerability in mintplex-labs/anything-llm
A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces,...
3.4CVSS
6.6AI Score
0.0004EPSS
CVE-2024-5478 Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary
A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint /auth/saml/${org?.id}/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into...
7.4CVSS
6.2AI Score
0.0004EPSS
CVE-2024-5478 Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary
A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint /auth/saml/${org?.id}/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into...
7.4CVSS
0.0004EPSS
CVE-2024-3110 Stored XSS leading to admin account takeover in mintplex-labs/anything-llm
A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them....
7.3CVSS
0.0004EPSS
CVE-2024-3110 Stored XSS leading to admin account takeover in mintplex-labs/anything-llm
A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them....
7.3CVSS
5.8AI Score
0.0004EPSS
javascript-deobfuscator is vulnerable to Code Execution. The vulnerability is due to crafted payloads targeting expression simplification, which allows an attacker to execute arbitrary...
8.1CVSS
7.5AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without...
8.4AI Score
EPSS
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser...
6.1CVSS
5.9AI Score
0.0005EPSS
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser...
6.1CVSS
6AI Score
0.0005EPSS
CVE-2024-5673 Cross-Site Scripting in PHP File Manager by Dulldusk
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser...
6.1CVSS
5.9AI Score
0.0005EPSS
CVE-2024-5673 Cross-Site Scripting in PHP File Manager by Dulldusk
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser...
6.1CVSS
5.9AI Score
0.0005EPSS
XWiki < 14.10.5 - Cross-Site Scripting
XWiki Platform is vulnerable to reflected XSS via the previewactions template. An attacker can inject JavaScript through the xcontinue...
9.6CVSS
7.3AI Score
0.451EPSS
typo3/cms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization of user input in the CSS styled content component, which allows an authenticated users to inject arbitrary HTML or...
6.7AI Score
7.4AI Score