
881 matches found

OSV
added 2024/08/06 11:16 a.m. · 0 views

CVE-2024-33976

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'id' parameter in '/admin/user/index.php'...

6.1 CVSS · 5.8 AI score
Exploits: 0 · References: 1
NVD
added 2024/08/06 11:16 a.m. · 13 views

CVE-2024-33976

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'id' parameter in '/admin/user/index.php'...

7.1 CVSS · 0.00285 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/08/06 10:56 a.m. · 13 views

CVE-2024-33976 Cross-site Scripting in Janobe E-Negosyo System

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'id' parameter in '/admin/user/index.php'...

7.1 CVSS · 5.7 AI score · 0.00285 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/08/06 10:54 a.m. · 15 views

CVE-2024-33975 Cross-site Scripting in Janobe E-Negosyo System

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in '/admin/products/index.ph...

7.1 CVSS · 5.5 AI score · 0.00285 EPSS
Exploits: 0 · References: 1
CVE
added 2024/08/06 10:54 a.m. · 31 views

CVE-2024-33975

The provided connected document details a Cross-Site Scripting (XSS) vulnerability in E-Negosyo System version 1.0. The issue arises in the /admin/products/index.php endpoint, specifically via the view parameter, where an authenticated user could receive a crafted JavaScript payload, enabling a p...

7.1 CVSS · 6.1 AI score · 0.00285 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/08/06 12:0 a.m. · 1 views

PT-2024-25607 · Unknown · E-Negosyo System

Name of the Vulnerable Software and Affected Versions: E-Negosyo System version 1.0
Description: The issue is a Cross-Site Scripting (XSS) vulnerability that can be exploited by sending a specially crafted JavaScript payload to an authenticated user, allowing an attacker to partially take over thei...

7.1 CVSS · 5.1 AI score · 0.00285 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2024/08/05 7:59 p.m. · 11 views

CVE-2024-41960 Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...

3.8 CVSS · 7.4 AI score · 0.0043 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/08/05 7:59 p.m. · 14 views

CVE-2024-41960 Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...

3.8 CVSS · 0.0043 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/08/05 7:59 p.m. · 19 views

CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...

7.6 CVSS · 7 AI score · 0.00846 EPSS
Exploits: 0 · References: 2
OSV
added 2024/08/05 7:59 p.m. · 8 views

CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...

7.6 CVSS · 6.8 AI score · 0.00846 EPSS
Exploits: 0 · References: 4
CVE
added 2024/08/05 7:59 p.m. · 49 views

CVE-2024-41959

CVE-2024-41959 affects mailcow: dockerized. An unauthenticated attacker can inject a JavaScript payload into the API logs, which is executed when the API logs page is viewed. This can enable malicious scripts to run in the user’s browser, potentially leading to unauthorized actions and data theft...

7.6 CVSS · 7.5 AI score · 0.00846 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/08/05 12:0 a.m. · 1 views

PT-2024-5829 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2024-07
Description: The issue is related to the Relay Hosts configuration, where an authenticated admin user can inject a JavaScript payload. This payload is executed when the configuration page is viewe...

5.5 CVSS · 7.1 AI score · 0.0043 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2024/07/17 12:0 a.m. · 2 views

PT-2024-25029 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe framework versions prior to 5.2.16
Description: A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front e...

5.4 CVSS · 6.8 AI score · 0.0105 EPSS
Exploits: 0 · References: 9
Positive Technologies
added 2024/07/16 12:0 a.m. · 2 views

PT-2024-28949

Name of the Vulnerable Software and Affected Versions: Outline versions prior to 0.77.3
Description: A type confusion issue in ProseMirror's rendering process leads to a Stored Cross-Site Scripting (XSS) issue. An authenticated user can create a document with a malicious JavaScript payload, which can...

7.3 CVSS · 5.9 AI score · 0.00175 EPSS
Exploits: 1 · References: 8
NVD
added 2024/07/07 4:15 p.m. · 17 views

CVE-2024-6229

A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...

6.8 CVSS · 0.0016 EPSS
Exploits: 1 · References: 1
The Hacker News
added 2024/07/05 8:40 a.m. · 16 views

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. "Updates to the GootLoader payload have resulted in several versions of GootLoader, with GootLoader 3 currently in active use," cybersecurity firm Cybereason...

7.4 AI score
Exploits: 0
OSV
added 2024/06/12 5:15 p.m. · 1 views

CVE-2024-5906

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...

4.8 CVSS · 5.7 AI score · 0.00378 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/06/12 4:22 p.m. · 14 views

CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...

4.8 CVSS · 0.00378 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/06/12 4:22 p.m. · 16 views

CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...

4.8 CVSS · 5.8 AI score · 0.00378 EPSS
Exploits: 0 · References: 1
Palo Alto Networks
added 2024/06/12 4:0 p.m. · 22 views

Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...

4.8 CVSS · 5.5 AI score · 0.00378 EPSS
Exploits: 0 · References: 1