445 matches found
CVE-2024-53987
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53986 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53986
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
GHSA-8FH4-942R-JF2G LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the...
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users'...
GHSA-P66Q-PPWR-Q5J8 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwriteip" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is...
Cross-Site Scripting (XSS)
Apache Syncope is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of HTML sanitization in the Syncope Console, which allows incomplete HTML tags to go unchecked and permits the injection of stored XSS payloads that can affect other users within the applicatio...
CVE-2024-50581
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag...
CVE-2024-50582
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements...
CVE-2024-50582
JetBrains YouTrack before 2024.3.47707 is affected by a stored XSS flaw caused by improper HTML sanitization in markdown elements. This allows injected HTML/JS to persist in pages. Remediation per vendor guidance is to update to 2024.3.47707 or later; exploit details are not provided in the docum...
CVE-2024-50581
CVE-2024-50581 affects JetBrains YouTrack before 2024.3.47707. The root cause is improper HTML sanitization, enabling cross-site scripting via a comment tag. Affected software is YouTrack (JetBrains). Impact is XSS under user interaction, as described in the vendor advisory and related security f...
Apache Syncope: Stored XSS in Console and Enduser
When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser whe...
CVE-2024-45031
When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser whe...
CVE-2024-45031 Apache Syncope: Stored XSS in Console and Enduser
When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser whe...
CVE-2024-45031
Apache Syncope is affected by a Stored XSS vulnerability (CVE-2024-45031) due to incomplete HTML sanitization when editing objects in the Syncope Console and Enduser interfaces. This can allow injection of XSS payloads that trigger for other users during normal usage and could lead to session hij...