7612 matches found
Splunk Config Explorer vulnerable to cross-site scripting
Overview: Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability (CWE-79). Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
WordPress Plugin "WP Booking" vulnerable to cross-site scripting
Overview: WordPress Plugin "WP Booking" provided by aviplugins.com contains a stored cross-site scripting vulnerability (CWE-79). Daiki Sato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Splunk Config Explorer security vulnerability
Splunk Config Explorer is an editor interface by Chris Younger, an individual developer. A security vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. An attacker can exploit the vulnerability to execute arbitrary scripts on a web browser...
CVE-2024-30419
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...
CVE-2024-30419
A-blog cms contains a stored cross-site scripting (XSS) vulnerability: CVE-2024-30419 affects versions prior to 3.1.12, 3.0.x prior to 3.0.32, 2.11.x prior to 2.11.61, 2.10.x prior to 2.10.53, and 2.9 and earlier. If exploited, a user with contributor or higher privileges who can log in may cause...
PT-2024-31166 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.1. Description: The issue is related to Stored Cross-Site Scripting via the url parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2023-5597
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code...
CVE-2023-5597 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code...
CVE-2023-5597
CVE-2023-5597 is a stored cross-site scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer, constrained to 3DEXPERIENCE releases R2023x through R2024x. The issue arises in the 3DDashboard component, enabling arbitrary script execution when exploited. Public technical details in the conn...
SAP NetWeaver AS ABAP XSS (May 2024) (3448445)
The remote SAP NetWeaver ABAP server may be affected by a cross-site scripting (XSS) vulnerability. A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a use...
Mozilla: Arbitrary JavaScript execution in PDF.js
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...
WordPress plugin Yoast SEO security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-20392
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to t...
CVE-2024-20257
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker...
CVE-2024-20256
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...
CVE-2024-20258
Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway has a web-based management interface vulnerability that enables cross-site scripting (XSS) due to insufficient input validation. An unauthenticated, remote attacker could lure a user to click a crafted link, al...
CVE-2024-20258
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...
CVE-2024-20392
CVE-2024-20392 describes a vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway. The flaw arises from insufficient input validation of parameters passed to the API, enabling an unauthenticated, remote attacker to perform an HTTP response splitting...