3237 matches found

CVE
added 2024/10/01 8:31 p.m. | 45 views

CVE-2024-47523

LibreNMS (PHP/MySQL/SNMP-based) has a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports Details field. The root cause is insufficient sanitization of user input in the Details section, allowing an attacker to inject JavaScript that executes in other users’ sessions. This aff...

7.5 CVSS | 5.7 AI score | 0.0038 EPSS
Exploits 1 | References 3 | Affected Software 1
OSV
added 2024/10/01 8:31 p.m. | 10 views

GHSA-7F84-28QH-9486 LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section which contains multiple fields depending on which transport is selected at that moment. This vulnerability can lead to...

7.5 CVSS | 5.8 AI score | 0.0038 EPSS
Exploits 1 | References 5
Github Security Blog
added 2024/10/01 8:31 p.m. | 22 views

LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section which contains multiple fields depending on which transport is selected at that moment. This vulnerability can lead to...

7.5 CVSS | 5.5 AI score | 0.0038 EPSS
Exploits 1 | References 5 | Affected Software 1
Github Security Blog
added 2024/10/01 8:31 p.m. | 19 views

LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name "hostname" parameter. This vulnerability can lead to the execution of malicious code in the context of other users'...

7.5 CVSS | 5.6 AI score | 0.0038 EPSS
Exploits 1 | References 5 | Affected Software 1
OSV
added 2024/10/01 8:31 p.m. | 11 views

GHSA-RWWC-2V8Q-GC9V LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name "hostname" parameter. This vulnerability can lead to the execution of malicious code in the context of other users'...

7.5 CVSS | 5.8 AI score | 0.0038 EPSS
Exploits 1 | References 5
Vulnrichment
added 2024/10/01 8:27 p.m. | 8 views

CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...

7.5 CVSS | 5.5 AI score | 0.07363 EPSS
Exploits 1 | References 3
RedhatCVE
added 2024/10/01 7:10 p.m. | 11 views

CVE-2024-9393

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This...

7.6 CVSS | 6.9 AI score | 0.00168 EPSS
Exploits 0 | References 7
AlpineLinux
added 2024/10/01 4:15 p.m. | 10 views

CVE-2024-9394

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

7.5 CVSS | 6.8 AI score | 0.00162 EPSS
Exploits 0 | References 8
Vulnrichment
added 2024/10/01 3:13 p.m. | 13 views

CVE-2024-9393

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

6.4 AI score | 0.00168 EPSS
Exploits 0 | References 6
Veracode
added 2024/10/01 10:1 a.m. | 2 views

Cross-site Scripting (XSS)

github.com/gotify/server is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to outdated Swagger UI, which uses a vulnerable version of DOMPurify, allowing an attacker to execute arbitrary JavaScript through external Swagger config files...

7.1 AI score
Exploits 0
Tenable Nessus
added 2024/10/01 12:0 a.m. | 23 views

Mozilla Thunderbird < 131.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-50 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8 CVSS | 7.8 AI score | 0.00806 EPSS
Exploits 0 | References 12
Tenable Nessus
added 2024/10/01 12:0 a.m. | 19 views

Mozilla Firefox ESR < 128.3

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-47 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8 CVSS | 7.8 AI score | 0.00806 EPSS
Exploits 0 | References 12
Tenable Nessus
added 2024/10/01 12:0 a.m. | 19 views

Mozilla Thunderbird < 131.0

The version of Thunderbird installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-50 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8 CVSS | 7.8 AI score | 0.00806 EPSS
Exploits 0 | References 12
Tenable Nessus
added 2024/10/01 12:0 a.m. | 20 views

Mozilla Firefox ESR < 115.16

The version of Firefox ESR installed on the remote Windows host is prior to 115.16. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-48 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8 CVSS | 8.8 AI score | 0.00168 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2024/10/01 12:0 a.m. | 31 views

Mozilla Firefox < 131.0

The version of Firefox installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-46 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8 CVSS | 7.8 AI score | 0.00806 EPSS
Exploits 0 | References 14
CVE
added 2024/09/27 12:0 a.m. | 50 views

CVE-2024-46367

CVE-2024-46367 describes a Stored XSS in Webkul Krayin CRM v1.3.0 where a malicious payload in the username field can execute JavaScript, potentially leading to privilege escalation within the CRM. The vulnerability is identified with a high/critical impact (CVSS v3.1: 9.6; Network attack, low co...

9.6 CVSS | 5.6 AI score | 0.00345 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/09/27 12:0 a.m. | 12 views

CVE-2024-46367

A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...

0.00345 EPSS
Exploits 0 | References 1
Veracode
added 2024/09/23 8:40 a.m. | 3 views

Cross-site Scripting (XSS)

camaleoncms is vulnerable to Cross-site Scripting (XSS) via the image upload functionality. An attacker can execute arbitrary JavaScript on behalf of the user or administrator by uploading malicious SVG or HTML files with embedded scripts...

6.4 AI score
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2024/09/23 12:0 a.m. | 12 views

CVE-2023-46948

A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components...

6.1 AI score | 0.00269 EPSS
Exploits 0 | References 2
Cvelist
added 2024/09/23 12:0 a.m. | 13 views

CVE-2023-46948

A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components...

0.00269 EPSS
Exploits 0 | References 2