7610 matches found
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
JVN#70977403: Multiple vulnerabilities in a-blog cms
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Entry editing pages CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2024-30419 Server-side request forgery CWE-918...
CVE-2024-3443 SourceCodester Prison Management System apply_leave.php cross site scripting
A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/applyleave.php. The manipulation of the argument txtstartdate/txtenddate leads to cross site scripting. The attack can be initiated...
JVN#50361500: Multiple vulnerabilities in WordPress Plugin "Ninja Forms"
WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2024-25572 Stored cross-site scripting in submit processing CWE-79...
Cisco Unified Communications Manager IM & Presence XSS (cisco-sa-cucm-imps-xss-quWkd9yF)
According to its self-reported version, Cisco Unified Communications Manager IM & Presence running on the report host is affected by a cross-site scripting (XSS) vulnerability. The vulnerability exists in the web-based management interface due to improper validation of user-supplied input before...
CVE-2024-20334
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...
CVE-2024-20334
CVE-2024-20334 affects Cisco TelePresence Management Suite (TMS) web-based management interface. Vulnerability arises from insufficient input validation in the interface, enabling a low-privileged, remote attacker to perform cross-site scripting (XSS). A successful exploit could execute arbitrary...
CVE-2024-20367
A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker...
WordPress plugin Survey Maker Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-3796 · Cisco · Cisco Telepresence Management Suite
Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Management Suite (affected versions not specified). Description: The issue is related to insufficient input validation in the web-based management interface, allowing a low-privileged, remote attacker to conduct a cross-site...
CVE-2024-28895
CVE-2024-28895 is a cross-site scripting vulnerability in the Yahoo! JAPAN App for Android (2.3.1–3.161.1) and iOS (3.2.2–4.109.0). The root cause is a WebView-based XSS (CWE-79) that could allow an arbitrary script to execute in the WebView via another app on the device. Exploitation details are...
JetBrains TeamCity AgentDistributionSettingsController Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute arbitrary script on affected installations of JetBrains TeamCity. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...
"Yahoo! JAPAN" App vulnerable to cross-site scripting
Overview: "Yahoo! JAPAN" App provided by LY Corporation contains a cross-site scripting vulnerability (CWE-79). Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An...
Ampache Storage Cross-Site Scripting Vulnerability
Ampache is a web-based audio/video application and file manager. A cross-site scripting vulnerability exists in Ampache 6.2.1 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in /preferences.php?action=adminupdatepreferences, which can be...
CVE-2024-28034
A cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider stopping use of Mini Thread Version 3.33βi...
CVE-2024-26018
A cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider stopping use of TvRock 0.9t8a...
CVE-2024-28126
A cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider stopping use of 0ch BBS Script ver.4.00...