1052 matches found
CVE-2024-7606
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-38859 XSS in view page with SLA column
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 EOL allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by...
CVE-2024-38859 XSS in view page with SLA column
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 EOL allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by...
PT-2024-28240 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p14 Checkmk versions prior to 2.2.0p33 Checkmk versions prior to 2.1.0p47 Checkmk version 2.0.0 Description: The issue allows malicious users to execute arbitrary scripts by injecting HTML elements into the SLA...
GHSA-FCCX-2PWJ-HRQ7 Flowise Cross-site Scripting in /api/v1/public-chatflows/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/public-chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to...
GHSA-WXM4-9F8P-GGGV Flowise Cross-site Scripting in/api/v1/credentials/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...
Flowise Cross-site Scripting in /api/v1/public-chatflows/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/public-chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to...
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/chatflows-streaming/id endpoint. If the default configuration is used unauthenticated, an attacker may be able...
GHSA-858C-QXVX-RG9V Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/chatflows-streaming/id endpoint. If the default configuration is used unauthenticated, an attacker may be able...
GHSA-2JCH-QC96-9F5G Flowise Cross-site Scripting in api/v1/chatflows/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the api/v1/chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craft a...
CVE-2024-41960
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...
CVE-2024-41960 Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...
Cross-Site Scripting (XSS)
com.jfinal, jfinal is vulnerable to Cross-site scripting. The vulnerability is due to improper input validation in the Title parameter in the /admin/content file, which can be manipulated to inject malicious scripts. Attackers can exploit this vulnerability remotely to execute arbitrary scripts i...
BIT-GITLAB-2024-7047 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user...
GHSA-4MH8-9689-38VR snapd failed to restrict writes to the $HOME/bin path
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...
CVE-2024-7047
A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user...
CVE-2024-7047
CVE-2024-7047 is a cross-site scripting vulnerability in GitLab CE/EE. Concrete details from multiple sources show the issue arises from improper neutralization/protection of input in web page generation, allowing an attacker to execute scripts in the context of the currently logged-in user. Affe...
CVE-2024-7047
Removed by vendor...
CVE-2024-7047 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user...
CVE-2024-7047 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user...