CVE-2024-45511

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A reflected Cross-Site Scripting XSS issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder...

MyBB 安全漏洞

MyBB is a free and open source forum software, written in PHP, supporting MySQL, MariaDB, PostgreSQL and SQLite databases. A cross-site scripting vulnerability exists in MyBB. The vulnerability is related to the component installindex.php, which does not adequately clean up the websitename...

CVE-2024-45511

CVE-2024-45511 affects Zimbra Collaboration (ZCS) up to 10.1, via the Briefcase module. The root cause is improper sanitization of file contents by the OnlyOffice formatter, allowing a crafted URL to a shared folder containing a malicious file to execute arbitrary JavaScript in the victim’s sessi...

GHSA-8FH4-942R-JF2G LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the...

CVE-2024-49754

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result i...

CVE-2024-52526 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This...

CVE-2024-52526 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This...

CVE-2024-51497

LibreNMS is affected by a Stored XSS in the Custom OID tab, where an authenticated user can inject JavaScript via the unit parameter when creating a new OID. The vulnerability is due to improper sanitization in librenms/includes/html/print-customoid.php and is associated with the stored XSS paylo...

GHSA-GV4M-F6FX-859X LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users'...

GHSA-28P7-F6H6-3JH3 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php

Summary A Reflected Cross-Site Scripting XSS vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "metric"...

LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php

Summary A Reflected Cross-Site Scripting XSS vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "metric"...

CVE-2024-51495 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwriteip" parameter when editing a device. This vulnerability results i...

LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php

Summary A Stored Cross-Site Scripting XSS vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwriteip" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is...

CVE-2024-51494 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing a device's port settings. This vulnerability...

CVE-2024-50355

CVE-2024-50355 affects LibreNMS (PHP/MySQL/SNMP-based) where Admins can edit a device’s Display Name; input is not properly sanitized, allowing JavaScript in the name to execute in various contexts (persistent XSS). The vulnerability impacts multiple endpoints that display or reflect the Display ...

GHSA-4M5R-W2RQ-Q54Q LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input i...

GHSA-V7W9-63XH-6R3W LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php

Summary A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "section" parameter,...

GHSA-XH4G-C9P6-5JXG LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the "Port Settings" page is...

CVE-2024-41785 IBM Concert cross-site scripting

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

GHSA-R735-9GC6-2HVQ Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...