
881 matches found

Vulnrichment
added 2024/02/29 1:30 p.m., 10 views

CVE-2024-2001 Cross-Site Scripting vulnerability in Cockpit CMS

A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded...

CVSS 5.5, AI score 6.1, EPSS 0.00088
Exploits: 0, References: 1

RubySec
added 2024/02/28 12:00 a.m., 19 views

YARD's default template vulnerable to Cross-site Scripting in generated frames.html

Summary: The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. Details: The vulnerability stems from mishandling...

CVSS 6.1, AI score 5.5, EPSS 0.03316
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2024/02/20 8:15 a.m., 7 views

CVE-2024-25974

The Frentix GmbH OpenOlat LMS is affected by a stored Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 or lower as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing a...

CVSS 5.4, AI score 4.8, EPSS 0.00226
Exploits: 3, References: 2

Prion
added 2024/02/20 8:15 a.m., 14 views

Cross site scripting

The Frentix GmbH OpenOlat LMS is affected by a stored Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 or lower as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing a...

AI score 5.1, EPSS 0.00226
Exploits: 3, References: 2

Vulnrichment
added 2024/02/20 8:02 a.m., 8 views

CVE-2024-25974 Stored Cross-Site Scripting (XSS) within the Media Center

The Frentix GmbH OpenOlat LMS is affected by a stored Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 or lower as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing a...

AI score 5, EPSS 0.00226
Exploits: 3, References: 2

OSV
added 2024/02/16 8:27 p.m., 3 views

CVE-2024-25627 Cross-Site Scripting (XSS) via File Upload in Alf.io

Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an...

CVSS 3.5, AI score 4.6, EPSS 0.00564
Exploits: 1, References: 3

Positive Technologies
added 2024/02/16 12:00 a.m., 3 views

PT-2024-21047 · Alf.Io · Alf.Io

Name of the Vulnerable Software and Affected Versions: Alf.io versions prior to 2.0-M4-2402. Description: The issue allows an administrator on the Alf.io application to upload HTML files that trigger JavaScript payloads. This could enable an attacker who gains administrative access to persist acce...

CVSS 4.8, AI score 6.2, EPSS 0.00564
Exploits: 1, References: 5

Tenable Nessus
added 2024/02/15 12:00 a.m., 21 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.25 / 9.0.x < 9.0.17 / 9.1.x < 9.1.16 / 10.0.x < 10.0.11 / 10.1.x < 10.1.6 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.25 or 9.0.x prior to 9.0.17 or 9.1.x prior to 9.1.16 or 10.0.x prior to 10.0.11 or 10.1.x prior to 10.1.6. It is, therefore, affected by a vulnerability. - A cross-site scripting (XSS) vulnerability in Palo Al...

CVSS 6.8, AI score 6.3, EPSS 0.00533
Exploits: 0, References: 2

OSV
added 2024/02/14 6:15 p.m., 2 views

CVE-2024-0007

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator...

CVSS 4.8, AI score 5.7, EPSS 0.00533
Exploits: 0, References: 1

Vulnrichment
added 2024/02/14 5:32 p.m., 19 views

CVE-2024-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator...

CVSS 6.8, AI score 5.5, EPSS 0.00533
Exploits: 0, References: 1

CNNVD
added 2024/02/14 12:00 a.m., 1 view

Palo Alto Networks PAN-OS Security Vulnerability

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS. An attacker could exploit the vulnerability to store a JavaScript payload using the web interface on the Panorama device...

CVSS 6.8, AI score 6.7, EPSS 0.00533
Exploits: 0, References: 3

NVD
added 2024/02/06 3:15 p.m., 7 views

CVE-2024-24594

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...

CVSS 9.9, AI score 8.4, EPSS 0.00059
Exploits: 1, References: 1

Prion
added 2024/02/06 3:15 p.m., 12 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...

CVSS 4.9, AI score 6, EPSS 0.00059
Exploits: 1, References: 1

Cvelist
added 2024/02/06 2:42 p.m., 13 views

CVE-2024-24594

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...

CVSS 9.9, AI score 8.4, EPSS 0.00059
Exploits: 1, References: 1

Vulnrichment
added 2024/02/06 2:42 p.m., 11 views

CVE-2024-24594

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...

CVSS 9.9, AI score 5.9, EPSS 0.00059
Exploits: 1, References: 1

CNNVD
added 2024/02/06 12:00 a.m., 1 view

Westermo Lynx 206-F2G Cross-Site Scripting Vulnerability

The Westermo Lynx 206-F2G is a Layer 3 industrial Ethernet switch from Westermo, Sweden, powered by the Westermo WeOS network operating system. A security vulnerability exists in the Westermo Lynx 206-F2G. An attacker can exploit this vulnerability to introduce arbitrary JavaScript by injecting a...

CVSS 5.4, AI score 6.2, EPSS 0.00097
Exploits: 0, References: 2

Exploit DB
added 2024/02/05 12:00 a.m., 462 views

WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

Exploit Title: WhatsUpGold 22.1.0 - Stored Cross-Site Scripting (XSS); Date: April 18, 2023; Exploit Author: Andreas Finstad 4ndr34z; Vendor Homepage: https://www.whatsupgold.com; Version: v.22.1.0 Build 39; Tested on: Windows 2022 Server; CVE: CVE-2023-35759; Reference:...

CVSS 6.1, AI score 6.3, EPSS 0.00258
Exploits: 3

NVD
added 2024/01/25 12:15 p.m., 13 views

CVE-2023-6282

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

CVSS 6.1, AI score 5.5, EPSS 0.00076
Exploits: 0, References: 1

Prion
added 2024/01/25 12:15 p.m., 12 views

Cross site scripting

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

CVSS 5.8, AI score 6, EPSS 0.00076
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/01/25 11:37 a.m., 17 views

CVE-2023-6282 Cross-Site Scripting vulnerability in IceHrm

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

CVSS 5.4, AI score 6.1, EPSS 0.00076
Exploits: 0, References: 1