
3237 matches found

CVE
added 2024/06/30 3:14 p.m., 53 views

CVE-2024-5062

CVE-2024-5062 : A reflected XSS in zenml-io/zenml

6.1 CVSS, 5.4 AI score, 0.00168 EPSS
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2024/06/28 6:11 p.m., 14 views

CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance MKCOL, PUT and GET...

7.4 CVSS, 7.7 AI score, 0.71115 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2024/06/26 7:3 p.m., 9 views

Cross-site Scripting in ZenUML

Summary: Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). Details: The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdo...

5.4 CVSS, 6.5 AI score, 0.00136 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/06/26 7:3 p.m., 11 views

GHSA-Q6XV-JM4V-349H Cross-site Scripting in ZenUML

Summary: Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). Details: The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdo...

5.4 CVSS, 5.4 AI score, 0.00136 EPSS
Exploits: 0, References: 4
Japan Vulnerability Notes
added 2024/06/24 2:5 a.m., 2 views

LINE client for iOS vulnerable to universal cross-site scripting

Overview: The in-app browser of LINE client for iOS provided by LY Corporation contains a universal cross-site scripting vulnerability (CWE-79, CVE-2024-5739). LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact: If a user clicks a malicious...

6.1 CVSS, 5.9 AI score, 0.00246 EPSS
Exploits: 0, References: 4
OSV
added 2024/06/14 2:0 p.m., 28 views

RLSA-2024:2888 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367); firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767); firefox: Potential...

8.8 CVSS, 8.5 AI score, 0.40321 EPSS
Exploits: 17, References: 7
Cvelist
added 2024/06/14 12:6 p.m., 24 views

CVE-2024-36459 Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser...

8.4 CVSS, 0.00322 EPSS
Exploits: 0, References: 2
CVE
added 2024/06/14 12:0 a.m., 42 views

CVE-2024-36656

MintHCM 4.0.3 is affected by a reflected Cross-site Scripting (XSS) vulnerability in which a registered user can execute arbitrary JavaScript. The issue originates from MintHCM 4.0.3 and is described across multiple sources as enabling a registered user to inject and run JavaScript, leading to XS...

6.1 CVSS, 6.6 AI score, 0.0081 EPSS
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies
added 2024/06/14 12:0 a.m., 2 views

PT-2024-27108 · Minthcm · Minthcm

Name of the Vulnerable Software and Affected Versions: MintHCM version 4.0.3. Description: A reflected Cross-site Scripting (XSS) attack can be achieved by a registered user, allowing the execution of arbitrary JavaScript code. Recommendations: For MintHCM version 4.0.3, at the moment, there is no...

6.1 CVSS, 5.8 AI score, 0.0081 EPSS
Exploits: 1, References: 5
NVD
added 2024/06/13 8:16 a.m., 18 views

CVE-2024-36222

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...

5.4 CVSS, 0.04817 EPSS
Exploits: 0, References: 1
NVD
added 2024/06/13 8:16 a.m., 12 views

CVE-2024-36190

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...

5.4 CVSS, 0.01781 EPSS
Exploits: 0, References: 1
NVD
added 2024/06/13 8:16 a.m., 21 views

CVE-2024-36151

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

5.4 CVSS, 0.024 EPSS
Exploits: 0, References: 1
OSV
added 2024/06/13 8:15 a.m., 1 view

CVE-2024-26072

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...

5.4 CVSS, 6.1 AI score
Exploits: 0, References: 1
Vulnrichment
added 2024/06/13 7:53 a.m., 17 views

CVE-2024-26037 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

5.4 CVSS, 5.5 AI score, 0.0145 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/06/13 7:53 a.m., 24 views

CVE-2024-36224 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

5.4 CVSS, 0.02635 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/06/13 7:53 a.m., 17 views

CVE-2024-26072 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...

5.4 CVSS, 0.02022 EPSS
Exploits: 0, References: 1
CVE
added 2024/06/13 7:53 a.m., 53 views

CVE-2024-26053

Adobe Experience Manager (AEM) versions 6.5.20 and earlier are documented to contain a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary JavaScript in a victim’s browser. Exploitation requires user interaction (e.g., clicking a crafted link or su...

5.4 CVSS, 5.5 AI score, 0.01781 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/06/13 7:53 a.m., 23 views

CVE-2024-36234 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...

5.4 CVSS, 0.02635 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/06/13 7:53 a.m., 17 views

CVE-2024-36181 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

5.4 CVSS, 5.5 AI score, 0.024 EPSS
Exploits: 0, References: 1
CVE
added 2024/06/13 7:53 a.m., 50 views

CVE-2024-36190

CVE-2024-36190 affects Adobe Experience Manager (AEM) versions ≤ 6.5.20. The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in the victim’s browser context, typically requiring user interaction (e.g., clicking a crafted link o...

5.4 CVSS, 5.5 AI score, 0.01781 EPSS
Exploits: 0, References: 1, Affected Software: 1