3298 matches found
CVE-2024-26468
A DOM based cross-site scripting XSS vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL...
Cross site scripting
A DOM based cross-site scripting XSS vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL...
Cross site scripting
A DOM based cross-site scripting XSS vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL...
CVE-2024-26465
A DOM based cross-site scripting XSS vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL...
CVE-2024-26465
A DOM based cross-site scripting XSS vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL...
CVE-2024-26467
A DOM based cross-site scripting XSS vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL...
The web-platform-tests Project Security Vulnerabilities
The web-platform-tests Project is web-platform-tests open source a cross-browser test suite for the Web platform stack . The web-platform-tests Project commit 938e843 previous version of a security vulnerability , the vulnerability stems from the existence of DOM-based cross-site scripting XSS...
Railroad-diagram Generator Security Vulnerability
Railroad-diagram Generator is a small library for generating railroad diagrams such as those used by JSON.org using SVG by the individual developer Tab Atkins Jr. A security vulnerability exists in versions prior to Railroad-diagram Generator commit ea9a123, which stems from the presence of a...
PT-2024-12443 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
CVE-2024-21678
This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...
Cross-Site Scripting (XSS)
sidekiq-unique-jobs is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper parameter sanitization within GET request to the admin webUI. This allows an attacker with super-user permission to execute arbitrary JavaScript code in the browser...
The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
CVE-2023-45227
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...
CVE-2023-45222
An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter...
Cross site scripting
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...
CVE-2023-45222 Westermo Lynx Cross-site Scripting
An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter...
CVE-2023-45227 Westermo Lynx Cross-site Scripting
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...
PT-2024-13056 · Westermo · Lynx +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the username parameter in the SNMP configuration...
Cross site scripting
A reflected cross-site scripting XSS vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...
PT-2024-14024 · Ibm · Ibm Business Automation Workflow
Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 22.0.2 through 23.0.2 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure withi...