797 matches found
CVE-2024-3081 EasyCorp EasyAdmin Autocomplete autocomplete.js cross site scripting
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. T...
EasyCorp EasyAdmin Cross-Site Scripting Vulnerability
Easyadmin is a simple, lightweight backend management system scaffolding by laker individual developers. A cross-site scripting (XSS) vulnerability exists in EasyCorp EasyAdmin 4.8.9 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability in Autocomplete's function Autocomplete ...
PT-2024-23624 · Easycorp · Easyadmin
Name of the Vulnerable Software and Affected Versions: EasyCorp EasyAdmin versions up to 4.8.9. Description: A vulnerability was found in the Autocomplete function of the file assets/js/autocomplete.js, which can lead to cross-site scripting. The manipulation of the item argument is the cause of...
CVE-2024-28120 API key leak in codeium-chrome
codeium-chrome is an open source code completion plugin for the Chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium API key, and thus...
PT-2024-2625 · Unknown · Codeium-Chrome
Name of the Vulnerable Software and Affected Versions: codeium-chrome (affected versions not specified). Description: The issue is related to the lack of protection for service data in the codeium-chrome plugin. An attacker can exploit this to send arbitrary requests to the internal autocomplete...
BIT-GITLAB-2022-0167
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making i...
Design/Logic Flaw
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser...
CVE-2023-45696 HCL Sametime is impacted by an autocomplete enabled vulnerability
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser...
CVE-2023-45696
CVE-2023-45696 affects HCL Sametime, specifically issues in the Legacy web chat client where autocomplete is enabled for sensitive input fields. The underlying consequence is that user-entered data can be stored by the browser by default. Current documents provide the vulnerability description an...
PT-2024-2332 · Hcl · Hcl Sametime Chat/Meetings
Name of the Vulnerable Software and Affected Versions: HCL Sametime Chat and Meetings (affected versions not specified). Description: The issue is related to the lack of protection for sensitive data in the HCL Sametime Chat and Meetings software. It is mentioned that sensitive fields have...
GHSA-GFRH-GWQC-63CV Sulu HTML Injection via Autocomplete Suggestion
Impact: There is an issue when inputting HTML into the tag name. The HTML is executed when the tag name is listed in the autocomplete form. Only admin users are affected and only admin users can create tags. Patches: Has the problem been patched? What versions should users upgrade to? The problem is patch...
CVE-2024-24807 Sulu is vulnerable to HTML Injection via Autocomplete Suggestion
Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones...
Sulu Security Breach
Sulu is an extensible, PHP-based open source content management system built on the Symfony framework, from Sulu, Austria. A security vulnerability exists in Sulu version 2.0.0 and later versions, which stems from the execution of HTML when a tag name is listed in an autocomplete form...