CVE-2024-29183

OpenRASP (the RASP solution) is affected by a reflected XSS in the /login page caused by reflection of the redirect parameter. The issue allows an attacker to execute arbitrary JavaScript in the context of a logged-in user. The CVE entry provides CVSS v3.1 base score 6.1 (Medium) with network att...

CVE-2024-29183 OpenRASP vulnerable to a reflected Cross-Site Scripting (XSS) attack in /login

OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of...

Baidu OpenRASP 安全漏洞

Baidu OpenRASP is an open source RASP solution from the Chinese company Baidu. A security vulnerability exists in Baidu OpenRASP. An attacker can exploit this vulnerability to execute arbitrary JavaScript...

Stored Cross-site Scripting (XSS) in excalidraw's web embed component

Summary A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. Poc Inserting an embed with the below url can be copy/pasted onto canvas to insert as embed will log 42 to the console:...

CVE-2024-32472

The CVE-2024-32472 entry details a stored XSS in Excalidraw’s web embeddable component. Two vectors exist: (1) untrusted content rendered as an iframe srcdoc without proper HTML sanitization, and (2) improper sanitization against attribute HTML injection, exacerbated by allow-same-origin in the s...

PT-2024-19359 · Ibm · Ibm Sterling B2B Integrator

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.0.3.9 IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.3 IBM Sterling B2B Integrator version 6.2.0.0 Description: This issue allows users to embed arbitrary JavaScript code in t...

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

CVE-2024-31544

A stored cross-site scripting XSS vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrowername”, “facultydepartment” parameters in /classes/Master.php?f=saverecord...

CVE-2024-31544

A stored cross-site scripting XSS vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrowername”, “facultydepartment” parameters in /classes/Master.php?f=saverecord...

CVE-2024-25705

There is a cross‑site scripting XSS vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary...

CVE-2024-25698

There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the...

CVE-2024-25708 Persistent XSS when creating new application using Web App Builder

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

CVE-2024-25708

Esri Portal for ArcGIS Enterprise Web App Builder (versions 10.9.1 and below) is affected by a stored Cross-site Scripting vulnerability. The issue allows a remote, authenticated attacker to create a crafted link that, when clicked, could execute arbitrary JavaScript in the victim’s browser. The ...

Cross Site Scripting (XSS)

francoisjacquet/rosariosis is vulnerable to Cross Site Scripting. The vulnerability is due to improper handling of input in the component Add Portal Note, leading to the execution of arbitrary JavaScript code...

Westermo Lynx 206-F2G Improper Neutralization of Input During Web Page Generation (CVE-2023-40143)

An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'forward.0.domain' parameter. This plugin only works with Tenable.ot. Please visit...

Westermo Lynx 206-F2G Improper Neutralization of Input During Web Page Generation (CVE-2023-45222)

An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'autorefresh' parameter. This plugin only works with Tenable.ot. Please visit...

Westermo Lynx 206-F2G Improper Neutralization of Input During Web Page Generation (CVE-2023-45227)

An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'dns.0.server' parameter. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVE-2024-23727

The YI Smart Kami Vision com.kamivision.yismart application through 1.0.020231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

The vulnerability of Adobe Experience Manager’s content and media data management system, which exists due to the lack of measures taken to protect the website structure, allows attackers to execute arbitrary JavaScript code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code using a specially created URL...

CVE-2024-28784

IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893...