35 matches found
PT-2025-5785 · Ibm · Ibm Applinx
Name of the Vulnerable Software and Affected Versions: IBM ApplinX version 11.1 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...
PT-2024-10872 · Ibm · Ibm Sterling B2B Integrator Standard Edition
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 5.2.0.0 through 6.1.1.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
IBM Security ReaQta Security Vulnerability
IBM Security ReaQta is an AI autonomous detection and response platform from International Business Machines (IBM). A security vulnerability exists in IBM Security ReaQta version 3.12, which stems from the inclusion of a cross-site scripting vulnerability. An attacker exploiting the vulnerability...
Atlassian Confluence Data Center and Server Security Vulnerability
Atlassian Confluence Data Center and Server is a data center of Atlassian Australia. A security vulnerability exists in Atlassian Confluence Data Center and Server. An attacker could exploit this vulnerability to execute arbitrary HTML or JavaScript code on the victim's browser. The following...
keycloak: XSS via assertion consumer service URL in SAML POST-binding flow
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service (ACS) POST Binding URLs, posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with...
PT-2023-30519 · Scrypted · Scrypted
Name of the Vulnerable Software and Affected Versions: Scrypted versions 0.55.0 and prior Description: Scrypted is a home video integration and automation platform. A reflected cross-site scripting vulnerability exists in the login page via the redirect uri parameter. By specifying a URL with the...
SUSE CVE-2023-40451
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
SUSE CVE-2004-0908
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow untrusted JavaScript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins...
PT-2022-6263 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The vulnerability in the web interface of the InfoSphere Information Server platform is related to the lack of protection of the web page structure. This issue allows a remote attack...
PT-2019-8786 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: Open Ticket Request System (OTRS) versions 6.0.x through 6.0.7 Description: An issue was discovered where a carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged-in customer's browse...
PT-2019-9671 · Ibm · Ibm Rational Collaborative Lifecycle Management
Name of the Vulnerable Software and Affected Versions: IBM Rational Collaborative Lifecycle Management versions 6.0 through 6.0.6.1 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
PT-2019-16846 · Ibm · Ibm Sterling B2B Integrator
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 5.2.0.1 through 6.0.0.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...
Red Hat JBoss A-MQ JBoss console arbitrary code execution vulnerability
Red Hat JBoss A-MQ is an open source messaging platform from the US company Red Hat. The platform is used to integrate applications, endpoints and devices, and provides a variety of messaging models to support real-time messaging. JBoss console is one of the controllers. An...
Schneider Electric Modicon PLC Cross-Site Scripting Vulnerability
Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. A cross-site scripting vulnerability exists in the implementation of Modicon PLC, which can be exploited by an attacker to construct a specific URL and execute arbitrary Java...
gnut gnutella client html injection
Hello, I recently discovered a bug in gnut, a console/www Gnutella client for Linux and Windows, that allows the injection of html code in the Search Result Page of the Webfrontend. This is done by sharing a file with html tags embedded. testHR.mp3 for example. More complex things are possible with...