7612 matches found

OSV
added 2025/01/03 3:41 p.m. | 10 views

CVE-2024-56321 GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access

GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...

CVSS 3.8 | AI score 7.2 | EPSS 0.00537
Exploits: 0 | References: 6

CNNVD
added 2025/01/03 12:0 a.m. | 4 views

GoCD security vulnerability

GoCD is a continuous delivery server from GoCD Open Source. A security vulnerability exists in GoCD versions 18.9.0 through 24.4.0, which stems from a vulnerability that allows misuse of the backup configuration feature, which could potentially allow execution of arbitrary scripts on managed...

CVSS 3.8 | AI score 6.8 | EPSS 0.00537
Exploits: 0 | References: 4

CNVD
added 2024/12/25 12:0 a.m. | 9 views

Discourse cross-site scripting vulnerability (CNVD-2024-4963986)

Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CVSS 6.8 | AI score 6.3 | EPSS 0.00274
Exploits: 0 | References: 1

CVE
added 2024/12/17 4:43 a.m. | 44 views

CVE-2024-55864

CVE-2024-55864 is a Cross-Site Scripting vulnerability in My WP Customize Admin/Frontend. Affected versions are before 1.24.1 (WordPress plugin). The issue could allow an authenticated attacker to inject arbitrary JavaScript that runs in other users’ browsers (CVSS 3.0 base 4.8, MEDIUM). Red Hat/...

CVSS 4.8 | AI score 6.5 | EPSS 0.00326
Exploits: 0 | References: 3

NVD
added 2024/12/16 3:15 p.m. | 7 views

CVE-2024-12089

A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | EPSS 0.00402
Exploits: 0 | References: 1

NVD
added 2024/12/16 3:15 p.m. | 10 views

CVE-2024-12090

A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | EPSS 0.00326
Exploits: 0 | References: 1

CVE
added 2024/12/16 3:6 p.m. | 43 views

CVE-2024-12091

A stored Cross-site Scripting (XSS) vulnerability affects Dassault Systèmes ENOVIA Collaborative Industry Innovator (3DEXPERIENCE) versions R2022x through R2024x. The issue arises from unsanitized/stored input allowing an attacker to execute arbitrary script in a user’s browser session. Affected ...

CVSS 8.7 | AI score 7.8 | EPSS 0.00326
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/12/12 4:15 a.m. | 15 views

CVE-2024-12338

The Website Toolbox Community plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘websitetoolboxusername’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

CVSS 6.1 | EPSS 0.00389
Exploits: 0 | References: 3

CNNVD
added 2024/12/12 12:0 a.m. | 3 views

WordPress plugin WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin WordPress Book Plugin for Displaying...

CVSS 6.4 | AI score 7.8 | EPSS 0.00345
Exploits: 0 | References: 3

CNNVD
added 2024/12/12 12:0 a.m. | 1 views

WordPress plugin kvCORE IDX cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

CVSS 6.1 | AI score 7.8 | EPSS 0.00332
Exploits: 0 | References: 2

CNNVD
added 2024/12/12 12:0 a.m. | 4 views

WordPress plugin Social Media Shortcodes cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

CVSS 6.4 | AI score 7.5 | EPSS 0.00345
Exploits: 0 | References: 3

Zero Day Initiative
added 2024/12/11 12:0 a.m. | 11 views

Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

CVSS 6.3 | AI score 6.9 | EPSS 0.00343
Exploits: 0 | References: 1

Zero Day Initiative
added 2024/12/11 12:0 a.m. | 10 views

Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

CVSS 6.3 | AI score 6.9 | EPSS 0.00343
Exploits: 0 | References: 1

CNNVD
added 2024/12/09 12:0 a.m. | 4 views

Kashipara E-learning Management System security vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...

CVSS 5.4 | AI score 7.3 | EPSS 0.00395
Exploits: 1 | References: 1

Cvelist
added 2024/12/09 12:0 a.m. | 21 views

CVE-2024-54919

A Stored Cross Site Scripting (XSS) vulnerability was found in /teacheravatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript via the filename parameter...

EPSS 0.003
Exploits: 1 | References: 1

Cvelist
added 2024/12/06 12:0 a.m. | 16 views

CVE-2024-50677

A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

EPSS 0.00546
Exploits: 2 | References: 2

CVE
added 2024/12/06 12:0 a.m. | 76 views

CVE-2024-50677

CVE-2024-50677 describes a cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 where an attacker can inject a crafted payload into the Search parameter to execute arbitrary web scripts or HTML. The root cause is improper handling/validation of user input in the search functionality, ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00546
Exploits: 2 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/12/06 12:0 a.m. | 16 views

CVE-2024-50677

A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

AI score 5.8 | EPSS 0.00546
Exploits: 2 | References: 2

NVD
added 2024/12/05 4:15 p.m. | 30 views

CVE-2024-53471

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVSS 6.1 | EPSS 0.00337
Exploits: 1 | References: 2

OSV
added 2024/12/05 4:15 p.m. | 12 views

CVE-2024-53471

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVSS 6.1 | AI score 5.8 | EPSS 0.00337
Exploits: 1 | References: 2