3237 matches found

NVD
added 2024/11/15 11:15 a.m. · 15 views

CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

CVSS 6.1 · EPSS 0.13521
Exploits: 0 · References: 2

NVD
added 2024/11/15 11:15 a.m. · 17 views

CVE-2022-1226

A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include...

CVSS 4.8 · EPSS 0.00176
Exploits: 1 · References: 2

NVD
added 2024/11/15 11:15 a.m. · 9 views

CVE-2021-3988

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVSS 6.1 · EPSS 0.00238
Exploits: 1 · References: 2

Cvelist
added 2024/11/15 10:57 a.m. · 16 views

CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

CVSS 4 · EPSS 0.00003
Exploits: 1 · References: 2

Vulnrichment
added 2024/11/15 10:52 a.m. · 12 views

CVE-2021-3988 Cross-site Scripting (XSS) in janeczku/calibre-web

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVSS 5.7 · AI score 6 · EPSS 0.00238
Exploits: 1 · References: 2

Cvelist
added 2024/11/15 10:52 a.m. · 28 views

CVE-2021-3988 Cross-site Scripting (XSS) in janeczku/calibre-web

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVSS 5.7 · EPSS 0.00238
Exploits: 1 · References: 2

Vulnrichment
added 2024/11/15 12:0 a.m. · 14 views

CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...

AI score 6.2 · EPSS 0.00183
Exploits: 0 · References: 2

Positive Technologies
added 2024/11/15 12:0 a.m. · 2 views

PT-2024-29564 · Ibm · Ibm Concert

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.1
Description: The issue allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosur...

CVSS 6.1 · AI score 6.2 · EPSS 0.00317
Exploits: 0 · References: 6

CNNVD
added 2024/11/15 12:0 a.m. · 1 views

FlightPath security vulnerability

FlightPath is an open source academic advising system for universities from FlightPath, Inc. A security vulnerability exists in FlightPath version 7.5. An attacker can exploit this vulnerability to inject arbitrary JavaScript into a user's web browser...

CVSS 5.4 · AI score 6.7 · EPSS 0.00183
Exploits: 0 · References: 2

CNNVD
added 2024/11/15 12:0 a.m. · 1 views

Pimcore cross-site scripting vulnerability

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exist...

CVSS 4.8 · AI score 4.6 · EPSS 0.00003
Exploits: 1 · References: 2

RedHat Linux
added 2024/11/14 12:21 p.m. · 0 views

webkitgtk: arbitrary javascript code execution

A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary JavaScript code execution...

CVSS 9.8 · AI score 6 · EPSS 0.01449
Exploits: 0 · References: 5

NVD
added 2024/11/11 11:15 p.m. · 8 views

CVE-2024-50601

Persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary JavaScript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixe...

CVSS 6.1 · EPSS 0.00166
Exploits: 0 · References: 1

CVE
added 2024/11/11 7:24 a.m. · 41 views

CVE-2024-11021

CVE-2024-11021 relates to a Stored Cross-site Scripting vulnerability in Webopac from Grand Vice info. The issue allows remote attackers with regular privileges to inject arbitrary JavaScript into the server, which is executed in users’ browsers when visiting the affected page. Connected sources ...

CVSS 5.4 · AI score 5.5 · EPSS 0.00141
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/11/11 7:15 a.m. · 0 views

CVE-2024-11019

Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...

CVSS 6.1 · AI score 6.1 · EPSS 0.00335
Exploits: 0 · References: 2

Cvelist
added 2024/11/11 7:6 a.m. · 15 views

CVE-2024-11019 Grand Vice info Webopac7 - Reflected XSS

Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...

CVSS 6.1 · EPSS 0.00335
Exploits: 0 · References: 2

Positive Technologies
added 2024/11/11 12:0 a.m. · 1 views

PT-2024-34350 · Axigen · Axigen Mail Server

Name of the Vulnerable Software and Affected Versions: Axigen Mail Server versions prior to 10.5.29
Description: The issue concerns persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter. This could allow attackers to execute arbitrary JavaScript, potentially...

CVSS 6.1 · AI score 7 · EPSS 0.00166
Exploits: 0 · References: 4

CNNVD
added 2024/11/11 12:0 a.m. · 2 views

DS Browsers allvideo.downloader.browser security vulnerability

DS Browsers allvideo.downloader.browser DS Browsers Fast Video Downloader: Browser is a video downloader from DS Browsers. A security vulnerability exists in DS Browsers allvideo.downloader.browser Fast Video Downloader: Browser version 1.6-RC1 and earlier versions. An attacker can exploit this...

CVSS 5.4 · AI score 7.3 · EPSS 0.00181
Exploits: 0 · References: 1

CNNVD
added 2024/11/11 12:0 a.m. · 3 views

SYQ com.downloader.video.fast security vulnerability

SYQ com.downloader.video.fast SYQ Master Video Downloader is a video downloader from SYQ Inc. A security vulnerability exists in SYQ com.downloader.video.fast Master Video Downloader version 2.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary JavaScript code...

CVSS 9.1 · AI score 7.3 · EPSS 0.00183
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/11 12:0 a.m. · 2 views

PT-2024-16710 · Grand Vice Info · Webopac

Name of the Vulnerable Software and Affected Versions: Webopac from Grand Vice info (affected versions not specified)
Description: The issue is a Stored Cross-site Scripting vulnerability, allowing remote attackers with regular privileges to inject arbitrary JavaScript code into the server. When...

CVSS 5.4 · AI score 6.5 · EPSS 0.00141
Exploits: 0 · References: 12

Vulnrichment
added 2024/11/11 12:0 a.m. · 13 views

CVE-2024-46962

The SYQ com.downloader.video.fast aka Master Video Downloader application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component...

AI score 7.6 · EPSS 0.00183
Exploits: 0 · References: 2