CVE-2024-3654 Cross-Site Scripting Vulnerability in Teixo by Teimas Global

An XSS vulnerability has been found in Teimas Global's Teixo, version 1.42.42-stable. This vulnerability could allow an attacker to send a specially crafted JavaScript payload via the "seconds" parameter in the program's URL, resulting in a possible takeover of a registered user's session...

GHSA-93C5-RJ2P-W52X Cross-site Scripting (XSS) in mindsdb/mindsdb

When a user uploads a csv file that contains an javascript payload a Cross-site Scripting XSS is triggered when the file is viewed. This is true for both cloud version and OSS version...

Cross-site Scripting (XSS) in mindsdb/mindsdb

When a user uploads a csv file that contains an javascript payload a Cross-site Scripting XSS is triggered when the file is viewed. This is true for both cloud version and OSS version...

PT-2024-26703 · Mindsdb · Mindsdb

Name of the Vulnerable Software and Affected Versions: mindsdb/mindsdb affected versions not specified Description: The issue is related to a Cross-site Scripting XSS - Stored vulnerability. When a user uploads a csv file containing a JavaScript payload, the XSS is triggered when the file is...

LimeSurvey Community 5.3.32 - Stored XSS Vulnerability

Exploit Title: Stored Cross-Site Scripting XSS in LimeSurvey Community Edition Version 5.3.32+220817 Exploit Author: Subhankar Singh Vendor: LimeSurvey Software Link: https://community.limesurvey.org/releases/ Version: LimeSurvey Community Edition Version 5.3.32+220817 Tested on: Windows Client...

LimeSurvey Community 5.3.32 - Stored XSS

Exploit Title: Stored Cross-Site Scripting XSS in LimeSurvey Community Edition Version 5.3.32+220817 Exploit Author: Subhankar Singh Date: 2024-02-03 Vendor: LimeSurvey Software Link: https://community.limesurvey.org/releases/ Version: LimeSurvey Community Edition Version 5.3.32+220817 Tested on:...

CVE-2024-23819

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVE-2024-23821

GeoServer exposes a stored XSS in the GWC Demos Page. Affected: GeoServer with GWC Demos Page accessible to all users; vulnerability requires an authenticated administrator with workspace‑level privileges to store a JavaScript payload in the GeoServer catalog, which then executes in another user’...

CVE-2024-23821 GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVE-2024-23819

GeoServer has a stored Cross-Site Scripting (XSS) vulnerability in the MapML HTML Page. An authenticated administrator with workspace‑level privileges can store a JavaScript payload in the GeoServer catalog, which executes in another user’s browser when the MapML HTML Page is viewed. The MapML ex...

CVE-2024-23643 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVE-2024-23640

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...

CVE-2024-23640 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...

GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)

Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to...

GHSA-7X76-57FR-M5R5 GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)

Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapM...

GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)

Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's...

PT-2024-19991 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.3 and 2.24.0 Description: A stored cross-site scripting XSS issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend...

CVE-2024-1146

Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to 'Community Description' or 'Community Rules'...

CVE-2024-1146 Cross-site Scripting at Alma Devklan Blog

Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to 'Community Description' or 'Community Rules'...

CVE-2024-1146 Cross-site Scripting at Alma Devklan Blog

Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to 'Community Description' or 'Community Rules'...