
189 matches found

Cvelist
added 2025/04/24 4:22 p.m. · 18 views

CVE-2024-30114 HCL Leap is affected by a cross-site scripting (XSS) vulnerability

Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment...

CVSS 3.7 · EPSS 0.00193
Exploits: 0 · References: 1

CVE
added 2025/04/24 4:21 p.m. · 53 views

CVE-2024-30147

CVE-2024-30147 affects HCL Leap with multiple vectors enabling client-side script injection in the authoring environment and deployed applications. The provided documents confirm an XSS-type issue and give CVSS-based severity (MEDIUM) but do not disclose a specific patched version or definitive r...

CVSS 6.5 · AI score 7.2 · EPSS 0.0021
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/04/24 4:21 p.m. · 22 views

CVE-2024-30147 HCL Leap is affected by a cross-site scripting (XSS) vulnerability

Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications...

CVSS 6.5 · EPSS 0.0021
Exploits: 0 · References: 1

CNNVD
added 2025/04/24 12:0 a.m. · 2 views

HCL Leap security vulnerability

HCL Leap is a low-code development platform from HCL India. HCL Leap suffers from a security vulnerability that stems from an inadequate cleanup policy that allows client-side scripts to be injected in deployed applications via HTML widgets...

CVSS 6.3 · AI score 6.6 · EPSS 0.00243
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/24 12:0 a.m. · 4 views

PT-2025-17738 · Hcl · Hcl Leap

Name of the Vulnerable Software and Affected Versions: HCL Leap (affected versions not specified). Description: The issue concerns multiple vectors in HCL Leap that allow client-side script injection in the authoring environment and deployed applications. Recommendations: At the moment, there is no...

CVSS 6.5 · AI score 6.4 · EPSS 0.0021
Exploits: 0 · References: 5

Positive Technologies
added 2025/04/24 12:0 a.m. · 4 views

PT-2025-17737 · Hcl · Hcl Leap

Name of the Vulnerable Software and Affected Versions: HCL Leap (affected versions not specified). Description: The issue is related to insufficient sanitization in HCL Leap, which allows client-side script injection in the authoring environment. Recommendations: At the moment, there is no informati...

CVSS 3.7 · AI score 6.3 · EPSS 0.00193
Exploits: 0 · References: 5

Snyk
added 2025/03/21 10:29 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Response Content-Type parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by manipulating the content type of responses. PoC...

CVSS 6.1 · AI score 5.5
Exploits: 0 · References: 2

Veracode
added 2024/07/03 3:45 p.m. · 18 views

Supply Chain Attack

Fides is vulnerable to Supply Chain Attack. The vulnerability is due to mishandling of client-side script dependencies and the use of a compromised third-party domain like polyfill.io. The vulnerability allows an attacker to serve malicious scripts to users of legacy browsers when they load...

AI score 6.5 · EPSS 0.01427
Exploits: 0 · References: 8 · Affected Software: 1

Vulnrichment
added 2024/07/02 7:50 p.m. · 27 views

CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

AI score 7.2 · EPSS 0.01427
Exploits: 0 · References: 5

EUVD
added 2024/07/02 7:50 p.m. · 6 views

EUVD-2024-2328

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

AI score 6.3 · EPSS 0.01427
Exploits: 0 · References: 7

Cvelist
added 2024/05/14 3:44 a.m. · 9 views

CVE-2024-33007 Client-side script execution vulnerability in SAP UI5(PDFViewer)

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript or any harmful client-side script, the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential securi...

CVSS 3.5 · AI score 4.6 · EPSS 0.00341
Exploits: 0 · References: 2

NVD
added 2024/05/06 7:15 a.m. · 12 views

CVE-2024-23186

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer...

CVSS 6.5 · AI score 6.5 · EPSS 0.00575
Exploits: 0 · References: 3

Vulnrichment
added 2024/05/06 6:36 a.m. · 20 views

CVE-2024-23187

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the user's account. Exploiting the vulnerability requires user interaction. Please...

CVSS 6.5 · AI score 6.8 · EPSS 0.00485
Exploits: 0 · References: 3

CVE
added 2024/05/06 6:36 a.m. · 121 views

CVE-2024-23187

Open-Xchange App Suite (OX App Suite) is affected by CVE-2024-23187 in versions up to 8.21. The issue arises from Content-ID based embedding of resources in emails, which could be abused to trigger client-side script code when using the “show more” option. Attackers could perform malicious API re...

CVSS 6.5 · AI score 6.7 · EPSS 0.00485
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2024/05/06 6:36 a.m. · 112 views

CVE-2024-23186

Summary: CVE-2024-23186 affects Open-Xchange Open-Xchange App Suite (see connected sources). An email contains malicious display-name information that can trigger client-side script execution on specific mobile devices, enabling attackers to perform malicious API requests or extract data from use...

CVSS 6.5 · AI score 6.7 · EPSS 0.00575
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/05/06 6:36 a.m. · 17 views

CVE-2024-23186

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer...

CVSS 6.5 · AI score 6.7 · EPSS 0.00575
Exploits: 0 · References: 3

CVE
added 2024/04/09 12:56 a.m. · 35 views

CVE-2024-30214

CVE-2024-30214 concerns SAP Business Connector. The connected documents confirm a cross-site scripting (XSS) vulnerability where an attacker with high privileges can append a malicious GET query parameter to Service invocations that are reflected in the server response, potentially allowing clien...

CVSS 4.8 · AI score 5 · EPSS 0.00316
Exploits: 0 · References: 2

OSV
added 2024/01/10 1:15 p.m. · 1 view

CVE-2023-48255

The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log...

CVSS 6.1 · AI score 6.6 · EPSS 0.00496
Exploits: 0 · References: 1

NVD
added 2024/01/10 1:15 p.m. · 53 views

CVE-2023-48255

The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log...

CVSS 6.3 · AI score 6.5 · EPSS 0.00496
Exploits: 0 · References: 1

OSV
added 2024/01/10 1:15 p.m. · 1 view

CVE-2023-48254

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

CVSS 6.1 · AI score 6 · EPSS 0.00306
Exploits: 0 · References: 1