132 matches found
Cross-site Scripting (XSS)
Overview: org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Event Definition Remediation Step field. An attacker can obtain user session cookies by submitting an HTML form. Note: This is only exploitable ...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Cross-site Scripting (XSS)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the processing of user-supplied input in form fields. A low-privileged attacker can execute arbitrary JavaScript in the context of a...
SUSE SLES12 Security Update : zabbix (SUSE-SU-2024:0862-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0862-1 advisory. - The cause of vulnerability is improper validation of form input field Name on Graph page in Items section. (CVE-2024-22119) Note that Nessus...
openSUSE 15 Security Update : zabbix (openSUSE-SU-2024:0064-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0064-1 advisory. - The cause of vulnerability is improper validation of form input field Name on Graph page in Items section. (CVE-2024-22119) Note that Nessus has not test...
CVE-2023-37531
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a form field of a webpage by a user with privileged access...
Team Members < 5.3.2 - Author+ Stored XSS
Description: The plugin does not validate and escape some of its Team options attributes before outputting them back in a page/post where the related shortcode is embedded, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. 1. Create/edit a team and...
CVE-2024-22119
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section...
Input validation
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section...
CVE-2024-22119
CVE-2024-22119 is a stored XSS in Zabbix frontend’s graph items select form caused by improper validation of the Graph page Name field in Items. Connected advisories confirm the issue affects multiple Linux distributions (Debian, SUSE/openSUSE, AstraLinux, etc.) and report fixes in various releas...
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment arises from the use of a field in the ITIL form for submitting requests, which allows an attacker to obtain the administrator’s account information.
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment lies in the use of an input field for ITIL entities in the request form. Exploiting this vulnerability could allow a malicious actor to gain access to the administrator’s account by sending a...
SUSE CVE-2023-34457
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
Cross-site Scripting (XSS)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the injection of malicious scripts into vulnerable form fields. An attacker can execute arbitrary JavaScript in the victim's browser by...
Cross-Site Scripting (XSS)
com.liferay:com.liferay.dynamic.data.mapping.form.web is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing a remote authenticated attacker to inject and execute malicious JavaScript on victim's...
SUSE CVE-2010-1399
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...
SUSE CVE-2018-5098
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...
Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass
The plugin does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form. PoC curl -X POST -F "sizelimit=10485760" -F...