CVE-2023-46948

A reflected Cross-Site Scripting XSS vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components...

CVE-2024-47226

A stored cross-site scripting XSS vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties...

CVE-2024-38380

This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session...

PT-2024-27970 · Millbeck Communications · Proroute H685T-W +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute...

Cross Site Scripting (XSS)

bootstrap is vulnerable to Cross Site Scripting XSS. The vulnerability is cause due to a missing validation and sanitization in the href attribute of the tag in the carousel component in the data-slide and data-slide-to attributes. This can enable attackers to execute arbitrary JavaScript within...

CVE-2024-28100 Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...

eLabFTW 安全漏洞

eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A security vulnerability exists in eLabFTW versions prior to 5.0.0. An attacker exploiting this vulnerability could run arbitrary...

PT-2024-22265 · Elabftw · Elabftw

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.0.0 Description: The issue allows a regular user to create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application by uploading specially crafted files. Thi...

CVE-2024-5624 Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL

Reflected Cross-Site Scripting XSS in Shift Logbook application of B&R APROL = R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session...

vTiger CRM 7.4.0 Cross Site Scripting

CVE-ID:CVE-2024-44778 ------------------------------------------ Suggested description:A reflected cross-site scripting XSS vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a...

The vulnerability of the site_id parameter in the netshop CMS system, Netcat, allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the siteid parameter in the netshop CMS system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

The vulnerability of the “market” parameter in the Netcat netshop CMS system allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the “market” parameter in the netshop CMS system, Netcat CMS, is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

The vulnerability of the Netcat CMS system’s comment module allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the Netcat CMS system’s comment module exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

CVE-2024-43400

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. Thi...

CVE-2024-43400

CVE-2024-43400 refers to an XSS vulnerability in the XWiki Platform. A user without Script/Programming rights could be enticed to follow a crafted URL that leads to a page containing arbitrary JavaScript. The issue is documented across multiple sources, and patches exist: XWiki 14.10.21, 15.5.5, ...

Cross Site Scripting (XSS)

bootstrap is vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to a missing sanitization in the href attribute of the tag while working with data-slide and data-slide-to attributes. This could enable an attacker to execute arbitrary JavaScript within the victim's browser...

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform. An attacker exploiting this vulnerability could use arbitrary JavaScript to craft a URL pointing to a page...

PT-2024-30559 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.21 XWiki Platform versions prior to 15.5.5 XWiki Platform versions prior to 15.10.6 XWiki Platform versions prior to 16.0.0 Description: The issue allows a user without Script or Programming rights to...

PT-2024-38571 · Bit Form · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions 2.0 through 2.13.9 Description: The issue is related to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function. This allows authenticated attackers with...

CVE-2024-43009

A reflected cross-site scripting XSS vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTPREFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user...