Lucene search

5904 matches found

CNNVD
added 2023/02/28 12:0 a.m. · 3 views

OpenCats cross-site request forgery vulnerability

OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCats version 0.9.6, which stems from a cross-site request forgery vulnerability that can be exploited by an attacker to execute Javascript...

CVSS 5.4 · AI score 5.6 · EPSS 0.00242
Exploits: 1 · References: 3
Vulnrichment
added 2023/02/28 12:0 a.m. · 7 views

CVE-2023-27294

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...

AI score 5.6 · EPSS 0.00514
Exploits: 1 · References: 1
Positive Technologies
added 2023/02/28 12:0 a.m. · 4 views

PT-2023-21056 · Git +1 · Opencats

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious...

CVSS 5.4 · AI score 5.2 · EPSS 0.00514
Exploits: 1 · References: 5
Veracode
added 2023/02/24 7:22 a.m. · 21 views

Cross-site Scripting (XSS)

jsuites is vulnerable to Cross-site Scripting (XSS) attacks. The vulnerability exists in the dropdown function of jsuites.js file due to improper HTML sanitization, allowing an attacker to inject and execute malicious JavaScript on a victim's browser...

CVSS 6.1 · AI score 5.8 · EPSS 0.00218
Exploits: 1 · References: 3 · Affected Software: 1
Prion
added 2023/02/22 8:15 p.m. · 17 views

Input validation

Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during miauth authentication in Misskey, arbitrary JavaScript can be executed when a user allows the link. All versions below 13.3.1 including 12.x are affected. This has been fixed ...

CVSS 5.8 · AI score 6.4 · EPSS 0.00505
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/02/22 7:15 p.m. · 44 views

CVE-2023-24810

CVE-2023-24810 affects Misskey prior to 13.3.1, where insufficient validation of the redirect URL during miauth authentication allows arbitrary JavaScript execution when a user approves the link. Versions below 13.3.1 (including 12.x) are impacted; a fix is available in 13.3.1. If upgrading is no...

CVSS 7.1 · AI score 6.5 · EPSS 0.00505
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2023/02/22 4:59 a.m. · 48 views

CVE-2022-23713

A Cross-site-scripting (XSS) vulnerability was found in the Vega Charts Kibana integration. This issue could allow arbitrary JavaScript to be executed in a victim’s browser...

CVSS 6.1 · AI score 2.9 · EPSS 0.00789
Exploits: 0 · References: 4
Positive Technologies
added 2023/02/22 12:0 a.m. · 5 views

PT-2023-19794 · Misskey · Misskey

Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 13.3.1 Description: The issue arises from insufficient validation of the redirect URL during miauth authentication, allowing arbitrary JavaScript execution when a user allows the link. This can be exploited when user...

CVSS 7.1 · AI score 6.4 · EPSS 0.00505
Exploits: 0 · References: 3
Positive Technologies
added 2023/02/22 12:0 a.m. · 5 views

PT-2023-19942 · Misskey · Misskey

Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 13.5.0 Description: Misskey is an open source, decentralized social media platform. The link to the instance of the sender that appears when viewing a user or note received through ActivityPub is not properly validat...

CVSS 7.1 · AI score 6.3 · EPSS 0.00542
Exploits: 0 · References: 4
F5 Networks
added 2023/02/21 6:53 p.m. · 28 views

K26351280: HTTP proxy client implementations vulnerability VU#905344

Security Advisory Description: HTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context o...

AI score 6.8
Exploits: 0
F5 Networks
added 2023/02/21 6:45 p.m. · 15 views

K20606443: iControl REST CSRF vulnerability CVE-2020-5922

Security Advisory Description: iControl REST does not implement cross-site request forgery (CSRF) protections for users applying basic authentication in a web browser. (CVE-2020-5922) Impact: In a successful exploit, an attacker can run JavaScript in the context of the currently logged-in user. For an...

CVSS 9.3 · AI score 8.7 · EPSS 0.00156
Exploits: 0 · Affected Software: 14
CNNVD
added 2023/02/21 12:0 a.m. · 4 views

AXIS 207W cross-site scripting vulnerability

The AXIS 207W is a web camera from AXIS Sweden. The AXIS 207W network camera suffers from a cross-site scripting vulnerability that originates from a Reflected Cross-Site Scripting (XSS) vulnerability in the Web Management Portal, which can be exploited by a remote attacker to execute arbitrary...

CVSS 6.1 · AI score 6.4 · EPSS 0.00234
Exploits: 1 · References: 2
BDU FSTEC
added 2023/02/17 12:0 a.m. · 1 views

The vulnerability in the web interface of the IBM InfoSphere Information Server’s data integration software allows a perpetrator to execute arbitrary JavaScript code and gain unauthorized access to protected information.

The vulnerability of the web interface of the IBM InfoSphere Information Server software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and gain...

CVSS 6.4 · EPSS 0.00493
Exploits: 0 · References: 4 · Affected Software: 1
Vulnrichment
added 2023/02/16 12:0 a.m. · 9 views

CVE-2019-17003

Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed...

AI score 7 · EPSS 0.00089
Exploits: 1 · References: 1
CVE
added 2023/02/16 12:0 a.m. · 67 views

CVE-2019-17003

CVE-2019-17003 describes that scanning a QR code containing a javascript: URL could cause JavaScript to be executed. Connected sources consistently reference this behavior and assign a CVSS v3.1 base score of 6.1 (MEDIUM) with NETWORK attack vector, UI: REQUIRED, and impact on Confidentiality/Int...

CVSS 6.1 · AI score 6.3 · EPSS 0.00089
Exploits: 1 · References: 1 · Affected Software: 1
SUSE CVE
added 2023/02/15 6:15 a.m. · 4 views

SUSE CVE-2006-3014

Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet...

CVSS 5.1 · AI score 7.4 · EPSS 0.58319
Exploits: 1 · References: 3
SUSE CVE
added 2023/02/15 6:10 a.m. · 5 views

SUSE CVE-2007-5338

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed...

CVSS 9.3 · AI score 9.1 · EPSS 0.04998
Exploits: 1 · References: 4
SUSE CVE
added 2023/02/15 6:3 a.m. · 4 views

SUSE CVE-2009-2665

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...

CVSS 10 · AI score 7.3 · EPSS 0.01362
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 6:1 a.m. · 4 views

SUSE CVE-2009-3986

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property...

CVSS 7.6 · AI score 9.1 · EPSS 0.01982
Exploits: 1 · References: 5
SUSE CVE
added 2023/02/15 5:41 a.m. · 3 views

SUSE CVE-2013-0757

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to...

CVSS 9.3 · AI score 8.9 · EPSS 0.74572
Exploits: 5 · References: 8