CVE-2024-7737

CVE-2024-7737 is a stored XSS vulnerability in 3DSwym (3DSwymer) affecting 3DEXPERIENCE R2022x through R2024x. The issue stems from storing/scriptable input that can execute arbitrary script code in a user’s browser session, enabling an attacker to perform actions or exfiltrate data within an aut...

CVE-2024-7736

The CVE-2024-7736 entry affects ENOVIA Collaborative Industry Innovator (3DEXPERIENCE R2022x through R2024x). The issue is a reflected Cross-site Scripting (XSS) vulnerability exploiting a JavaScript/script rendering pathway in the browser, enabling arbitrary script execution in a user session. T...

Dassault Systèmes 3DEXPERIENCE 安全漏洞

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE. An attacker could exploit the vulnerability to execute arbitrary script code within a user's browser session...

CVE-2024-45366

Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser...

CVE-2024-45366

Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser...

ROS-20240917-05

Vulnerability in the sysinfo.cgi script implementation of Webmin hosting control panel exists due to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute an arbitrary script...

Perfex CRM 安全漏洞

Perfex CRM is a customer relationship management software from Perfex CRM open source. Used to manage customers, projects and create invoices in the cloud. A security vulnerability exists in Perfex CRM v1.1.0. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by...

Security Updates for Microsoft Dynamics 365 (on-premises) (September 2024)

The Microsoft Dynamics 365 on-premises is missing security updates. It is, therefore, affected by a cross-site scripting XSS vulnerability. The vulnerability exists due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, ...

CVE-2024-45625

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator...

CVE-2024-45429

Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the...

CVE-2024-8004

A stored Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-7939

A stored Cross-site Scripting XSS vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-7938

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-8004

CVE-2024-8004 describes a stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator spanning releases from 3DEXPERIENCE R2022x to R2024x . The issue allows an attacker to execute arbitrary script in a user’s browser session when malicious input is stored and rende...

CVE-2024-7939

CVE-2024-7939 describes a stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Dassault Systèmes 3DEXPERIENCE Release R2024x. The connected sources identify the affected component as 3DSwym/3DSwymer within the R2024x release and confirm the vulnerability type as stored ...

CVE-2024-7938

CVE-2024-7938 is a stored XSS in 3DSwymer’s 3DDashboard affecting 3DEXPERIENCE R2023x through R2024x. The vulnerability stems from insecure handling of input in the dashboard, enabling arbitrary script execution in a user’s browser session. The PT-2024-38703 advisory explicitly lists the affected...

CVE-2024-7932 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-7932 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-42412

Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser...

Kashipara Hotel Management System Cross-Site Scripting Vulnerability

Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Hotel Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the useremail parameter of...