Cross Site Scripting (XSS)

labelstudio is vulnerable to Cross Site Scripting XSS. The vulnerability due to improper image sanitization during upload, which allows an authenticated user to upload a crafted image file for their avatar which gets rendered as an HTML file. This allows an attacker to execute arbitrary JavaScrip...

Cross site scripting

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

Input validation

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote...

PT-2024-15244 · Osimis · Osimis Webviewer

Name of the Vulnerable Software and Affected Versions: Osimis WebViewer affected versions not specified Description: A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer, the issue gets triggered. If exploited, the attacker wi...

Osimis WebViewer Cross-Site Scripting Vulnerability

Osimis WebViewer is an AI solution from Osimis. Osimis WebViewer suffers from a security vulnerability that originates from allowing an attacker to execute arbitrary JavaScript code in a victim's browser...

Duplicate Advisory: JavaScript execution via malicious molfiles (XSS)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2pwh-52h7-7j84. This link is maintained to preserve external references. Original Description MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript...

GHSA-WC6F-QJXC-622V Duplicate Advisory: JavaScript execution via malicious molfiles (XSS)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2pwh-52h7-7j84. This link is maintained to preserve external references. Original Description MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript...

CVE-2024-0758

MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...

Cross site scripting

MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...

CVE-2024-0758

MolecularFaces before 0.3.0 is vulnerable to Cross-Site Scripting (XSS). A remote attacker can inject arbitrary JavaScript into a victim’s browser by crafting malicious molfiles, leveraging improper handling of user input in the viewer component. Affected version range is prior to 0.3.0; exploit ...

CVE-2024-22414

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: comment2|safe. Use of the "safe" tag...

Cross Site Scripting (XSS)

avo is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper sanitization of the keyvalue parameters within keyvaluecontroller.js. An attacker can inject arbitrary Javascript into the victim's browser...

PT-2024-19405 · Flaskblog · Flaskblog

Name of the Vulnerable Software and Affected Versions: flaskBlog affected versions not specified Description: The issue is related to improper storage and rendering of user comments on the /user/ page, allowing arbitrary javascript code execution. This is due to the use of the |safe tag in the...

CVE-2022-3194

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators...

CVE-2023-51068

An authenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...

CVE-2023-51067

An unauthenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...

Cross site scripting

An authenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...

QStar Archive Solutions Security Breach

QStar Archive Solutions is QStar's range of storage technologies for managing disk arrays, object storage, tape libraries, optical libraries, WORM and clouds private and hybrid. A security vulnerability exists in QStar Archive Solutions RELEASE3-0 Build 7 release, which stems from the presence of...

CVE-2023-51068

An authenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...

CVE-2023-47861

A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...