3237 matches found
CVE-2024-10904
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51953 Stored XSS in ArcGIS Server Rest services
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51952
Concretely, CVE-2024-51952 affects Esri ArcGIS Server versions 10.9.1 through 11.3 with a stored Cross‑Site Scripting vulnerability that can be triggered by a malicious, crafted link. An authenticated attacker with publisher privileges could execute JavaScript in a victim’s browser, impacting con...
CVE-2024-51947
ArcGIS Server (Esri) vulnerable: stored XSS in ArcGIS Server versions 11.3 and below via a crafted link, exploitable by a remote, authenticated attacker with publisher privileges. Impact is low on confidentiality and integrity; no impact to availability. Root cause: stored cross-site scripting in...
CVE-2024-51944 Stored XSS in Rest Services Directory
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
IBM Business Automation Workflow 跨站脚本漏洞
IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. A cross-site scripting vulnerability exists in IBM...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Linux Distros Unpatched Vulnerability : CVE-2010-3771
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Linux Distros Unpatched Vulnerability : CVE-2010-1585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14,...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
CVE-2025-22491
The user input was not sanitized on Reporting Hierarchy Management page of Foreseer Reporting Software FRS application which could lead into execution of arbitrary JavaScript in a browser context for all the interacting users. This security issue has been patched in the latest version 1.5.100 of...
CVE-2025-22491 Improper Input Validation in Foreseer Reporting Software (FRS)
The user input was not sanitized on Reporting Hierarchy Management page of Foreseer Reporting Software FRS application which could lead into execution of arbitrary JavaScript in a browser context for all the interacting users. This security issue has been patched in the latest version 1.5.100 of...
PT-2025-9082 · Unknown · Foreseer Reporting
Name of the Vulnerable Software and Affected Versions: Foreseer Reporting Software FRS versions prior to 1.5.100 Description: The issue arises from unsanitized user input on the Reporting Hierarchy Management page of the FRS application, potentially leading to the execution of arbitrary JavaScrip...
PT-2025-9139 · Syspass · Syspass
Name of the Vulnerable Software and Affected Versions: SysPass versions 3.2.x Description: A stored cross-site scripting XSS vulnerability allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or...
copyparty renders unsanitized filenames as HTML when user uploads empty files
Summary A DOM-Based XSS was discovered in copyparty, a portable fileserver. The vulnerability is considered low-risk. Details By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the...
CVE-2024-46226
A stored cross site scripting XSS vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket...