655 matches found
Contao 代码问题漏洞
Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management and CSS frameworks. A security vulnerability exists in Contao version 5.4.1. The vulnerability is exploited by attackers to perform cross-site...
PT-2025-6048
Name of the Vulnerable Software and Affected Versions npm-serialize-javascript versions up to 6.0.1 Description The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to injec...
CVE-2024-31199
A “CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'” allows malicious users to permanently inject arbitrary Javascript code...
MAL-2024-2095 Malicious code in discord-selfbot.js-v13 (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-26111 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...
CVE-2023-40472
PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the targ...
Leantime Systems Leantime 安全漏洞
Leantime Systems Leantime is an open source PHP and MySQL based project management system from Leantime Systems, Inc. A security vulnerability exists in Leantime Systems Leantime version 3.0.6, which stems from the presence of a cross-site scripting vulnerability that allows an attacker to inject...
Node.js 安全漏洞
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 18.x, 20.x, and 21.x. The vulnerability stems from the fact that an attacker can make the server completely unavailable by sending a small number of HTTP/2 framed packets...
CVE-2024-28335
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
SuperCali Security Vulnerabilities
SuperCali is an event calendar script from SuperCali. A security vulnerability exists in SuperCali version 1.1.0. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code via the email parameter in the badpassword.php page...
PT-2024-21167 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader versions prior to 2024.1 Foxit PDF Editor versions prior to 2024.1 Description: The issue allows code execution via JavaScript due to an unoptimized prompt message for users to review parameters of commands. Recommendations:...
CVE-2024-27087
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As th...
CVE-2024-26465
CVE-2024-26465 concerns a DOM-based cross-site scripting (XSS) in the component/beep/Beep.Instrument.js of the Stewdio Beep.js project, prior to commit ef22ad7. The issue allows an attacker to execute arbitrary JavaScript by sending a crafted URL. The vulnerability is described across multiple so...
CVE-2024-1563
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...
CVE-2024-20721 T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words
Acrobat Reader T5 MSFT Edge versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...
CVE-2024-20721 T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words
Acrobat Reader T5 MSFT Edge versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...
CVE-2023-52204 WordPress Randomize Plugin <= 1.4.3 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3...
CVE-2023-43481
An issue in Shenzhen TCL Browser TV Web BrowseHere aka com.tcl.browser 6.65.022dab24cc6231221gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component...
PT-2023-28666 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
CVE-2023-6217 MOVEit Transfer XSS via MOVEit Gateway
In Progress MOVEit Transfer versions released before 2022.0.9 14.0.9, 2022.1.10 14.1.10, 2023.0.7 15.0.7, a reflected cross-site scripting XSS vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting...