
536 matches found

Source: CVE | added 2024/11/20 11:55 a.m. | 49 views

CVE-2024-11404

CVE-2024-11404 : Affected software is Django Filer (used with Django CMS). The vulnerability is an Unrestricted Upload of File with Dangerous Type and Stored XSS caused by input data manipulation and improper neutralization of script-related HTML tags. Impact is stored XSS with potential data han...

CVSS 5.5 | AI score 5.8 | EPSS 0.00055 | Exploits: 0 | References: 5

Source: NVD | added 2024/11/18 2:15 p.m. | 15 views

CVE-2024-9526

There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We...

CVSS 7.1 | EPSS 0.0014 | Exploits: 0 | References: 1

Source: CVE | added 2024/11/18 1:30 p.m. | 48 views

CVE-2024-9526

CVE-2024-9526 describes a stored XSS in Kubeflow Pipeline View web UI. The vulnerability stems from the description field in the pipeline creation form, which allows HTML tags that are not properly filtered, enabling stored cross-site scripting. Multiple sources (NVD entry, SUSE security advisory...

CVSS 7.1 | AI score 5.6 | EPSS 0.0014 | Exploits: 0 | References: 1 | Affected software: 1

Source: Vulnrichment | added 2024/11/18 1:30 p.m. | 11 views

CVE-2024-9526 Stored XSS in Kubeflow Pipeline View

There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We...

CVSS 7.1 | AI score 5.9 | EPSS 0.0014 | Exploits: 0 | References: 1

Source: Cvelist | added 2024/11/18 1:30 p.m. | 17 views

CVE-2024-9526 Stored XSS in Kubeflow Pipeline View

There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We...

CVSS 7.1 | EPSS 0.0014 | Exploits: 0 | References: 1

Source: Cvelist | added 2024/11/11 7:14 p.m. | 20 views

CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

CVSS 2 | EPSS 0.00225 | Exploits: 0 | References: 2

Source: OSV | added 2024/10/24 8:35 p.m. | 14 views

CVE-2024-47882 OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an...

CVSS 5.9 | AI score 7 | EPSS 0.00199 | Exploits: 1 | References: 5

Source: Github Security Blog | added 2024/10/24 3:31 p.m. | 18 views

Apache Syncope: Stored XSS in Console and Enduser

When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser whe...

CVSS 6.1 | AI score 5.8 | EPSS 0.02532 | Exploits: 0 | References: 7 | Affected software: 1

Source: NVD | added 2024/10/20 10:15 a.m. | 17 views

CVE-2024-44061

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory EU/UK VAT Manager for WooCommerce eu-vat-for-woocommerce. This issue affects EU/UK VAT Manager for WooCommerce: from n/a through = 2.12.14...

CVSS 7.1 | EPSS 0.00256 | Exploits: 0 | References: 1

Source: Veracode | added 2024/10/03 8:16 a.m. | 8 views

Cross Site Scripting(XSS)

github.com/alist-org/alist is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to inadequate input validation in the /i/:linkname endpoint, which fails to sanitize user-provided values, allowing malicious HTML tags to be executed in the application context...

CVSS 6.1 | AI score 5.8 | EPSS 0.00172 | Exploits: 1 | References: 2 | Affected software: 1

Source: Cvelist | added 2024/09/30 3:39 p.m. | 19 views

CVE-2024-47067 Alist Contains a Reflected Cross-Site Scripting Vulnerability

AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:linkname takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up ...

CVSS 5.1 | EPSS 0.00172 | Exploits: 1 | References: 2

Source: Github Security Blog | added 2024/09/26 5:54 p.m. | 54 views

Layui has DOM Clobbering gadgets that leads to Cross-site Scripting

Summary: A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. It's worth noting that we’ve identified similar issues in other popular...

CVSS 6.4 | AI score 5.3 | EPSS 0.01721 | Exploits: 0 | References: 5 | Affected software: 1

Source: OSV | added 2024/09/26 5:54 p.m. | 20 views

GHSA-J827-6RGF-9629 Layui has DOM Clobbering gadgets that leads to Cross-site Scripting

Summary: A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. It's worth noting that we’ve identified similar issues in other popular...

CVSS 6.4 | AI score 6 | EPSS 0.01721 | Exploits: 0 | References: 5

Source: OSV | added 2024/09/20 7:15 p.m. | 3 views

PYSEC-2024-273

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...

CVSS 5.4 | AI score 5.9 | EPSS 0.10297 | Exploits: 0 | References: 1

Source: PyPA | added 2024/09/20 7:15 p.m. | 6 views

PYSEC-2024-273

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...

CVSS 7.6 | AI score 5.9 | EPSS 0.10297 | Exploits: 0 | References: 1 | Affected software: 1

Source: OSV | added 2024/09/20 7:15 p.m. | 6 views

PYSEC-2024-272

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...

CVSS 5.4 | AI score 5.9 | EPSS 0.10297 | Exploits: 0 | References: 1

Source: Cvelist | added 2024/09/20 6:53 p.m. | 20 views

CVE-2024-42346 Stored Cross Site Scripting (Stored XSS) in Galaxy

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...

CVSS 7.6 | EPSS 0.10297 | Exploits: 0 | References: 1

Source: Vulnrichment | added 2024/09/20 6:53 p.m. | 21 views

CVE-2024-42346 Stored Cross Site Scripting (Stored XSS) in Galaxy

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...

CVSS 7.6 | AI score 6.8 | EPSS 0.10297 | Exploits: 0 | References: 1

Source: CVE | added 2024/09/20 6:53 p.m. | 61 views

CVE-2024-42346

CVE-2024-42346 affects Galaxy: stored Cross-Site Scripting via the editor visualization endpoint at /visualizations. The vulnerability arises from storing HTML/JS that can execute on edit operations. Patches were applied across supported Galaxy branches (to mitigate this risk); upgrading to the p...

CVSS 7.6 | AI score 7.5 | EPSS 0.10297 | Exploits: 0 | References: 1 | Affected software: 1

Source: OSV | added 2024/09/20 6:53 p.m. | 3 views

CVE-2024-42346 Stored Cross Site Scripting (Stored XSS) in Galaxy

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...

CVSS 7.6 | AI score 6.9 | EPSS 0.10297 | Exploits: 0 | References: 3