PT-2024-12633 · Hcl · Hcl Bigfix Platform

Name of the Vulnerable Software and Affected Versions: HCL BigFix Platform affected versions not specified Description: A cross-site scripting XSS issue in the Web Reports component can allow an attacker to execute malicious javascript code into a webpage, potentially accessing stored cookie...

HCL Technologies HCL BigFix Platform Cross-Site Scripting Vulnerability

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A cross-site scripting vulnerability exists in the HCL BigFix Platform, which...

CVE-2024-23633

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

PYSEC-2024-128

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

Server side request forgery (ssrf)

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

PYSEC-2024-128

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

CVE-2023-7238

A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser...

CVE-2024-23348

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote...

The vulnerability in the web interface of the IBM QRadar SIEM system allows a perpetrator to bypass restrictions on JavaScript execution.

The vulnerability in the web interface of the IBM QRadar SIEM system relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to circumvent restrictions on JavaScript execution remotely...

PT-2024-19827 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.7 a-blog cms versions prior to 3.0.29 a-blog cms versions prior to 2.11.58 a-blog cms versions prior to 2.10.50 a-blog cms version 2.9.0 and earlier Description: The issue is related to improper input...

The vulnerability of the software for managing and controlling access to corporate resources and IBM Security Verify Governance applications lies in the lack of protective measures for the website structure. This allows attackers to circumvent the restrictions on JavaScript execution.

The vulnerability of the software for managing and controlling access to corporate resources and IBM Security Verify Governance applications is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to circumvent...

PT-2024-19985 · Unknown · Label Studio

Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.10.1 Description: The remote import feature in Label Studio allowed users to import data from a remote web source, which could be abused to download a HTML file that executed malicious JavaScript code in the...

Duplicate Advisory: JavaScript execution via malicious molfiles (XSS)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2pwh-52h7-7j84. This link is maintained to preserve external references. Original Description MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript...

GHSA-WC6F-QJXC-622V Duplicate Advisory: JavaScript execution via malicious molfiles (XSS)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2pwh-52h7-7j84. This link is maintained to preserve external references. Original Description MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript...

CVE-2024-0758 MolecularFaces XSS

MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...

CVE-2023-51464

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

SUSE CVE-2023-40577

Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...

GHSA-GHJV-MH6X-7Q6H avo vulnerable to stored cross-site scripting (XSS) in key_value field

Summary A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. Details The value of the keyvalue is inserted directly into the HTML code. In the current...

Cross site scripting

An unauthenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...

CVE-2023-49258 Reflected cross-site scripting vulnerability

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminaltool.cgi" in the "data" parameter...