
5082 matches found

NVD
added 2024/12/10 9:15 p.m. · 25 views

CVE-2024-54032

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 9.3 · EPSS 0.00798
Exploits 0 · References 1
CNNVD
added 2024/12/10 12:0 a.m. · 2 views

IBM Carbon Design System cross-site scripting vulnerability

IBM Carbon Design System is a design system for building user interfaces. A cross-site scripting vulnerability exists in IBM Carbon Design System. The vulnerability stems from insufficient validation of user input. An attacker can exploit the vulnerability to embed arbitrary JavaScript code in th...

CVSS 5.4 · AI score 6.1 · EPSS 0.00218
Exploits 0 · References 1
Positive Technologies
added 2024/12/10 12:0 a.m. · 3 views

PT-2024-32413 · IBM · IBM Carbon Design System

Name of the Vulnerable Software and Affected Versions: IBM Carbon Design System Carbon Charts versions 0.4.0 through 1.13.16
Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...

CVSS 5.4 · AI score 6.4 · EPSS 0.00218
Exploits 0 · References 6
NVD
added 2024/12/06 9:15 p.m. · 17 views

CVE-2024-7874

Tungsten Automation Kofax TotalAgility in all versions through 7.9.0.25.0.954 is vulnerable to Reflected XSS attacks through mfpConnectionId parameter manipulation in a form sent to endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx"...

CVSS 5.3 · EPSS 0.00494
Exploits 0 · References 3
Cvelist
added 2024/12/06 8:55 p.m. · 17 views

CVE-2024-7875 XSS in Tungsten Automation TotalAgility

Tungsten Automation Kofax TotalAgility in all versions through 7.9.0.25.0.954 is vulnerable to Reflected XSS attacks through mfpScreenResolutionWidth parameter manipulation in a form sent to an endpoint /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx. This allows for injection of a malicious...

CVSS 5.3 · EPSS 0.00494
Exploits 0 · References 3
CVE
added 2024/12/06 8:55 p.m. · 52 views

CVE-2024-7875

CVE-2024-7875 affects Tungsten Automation (Kofax) TotalAgility up to version 7.9.0.25.0.954. The vulnerability is a Reflected XSS in the ScanFront.aspx endpoints where mfpScreenResolutionWidth is manipulated via POST data. An attacker can inject JavaScript code, leading to information disclosure,...

CVSS 5.3 · AI score 6.2 · EPSS 0.00494
Exploits 0 · References 3
Vulnrichment
added 2024/12/06 8:54 p.m. · 7 views

CVE-2024-7874 XSS in Tungsten Automation TotalAgility

Tungsten Automation Kofax TotalAgility in all versions through 7.9.0.25.0.954 is vulnerable to Reflected XSS attacks through mfpConnectionId parameter manipulation in a form sent to endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx"...

CVSS 5.3 · AI score 6.3 · EPSS 0.00494
Exploits 0 · References 3
CVE
added 2024/12/06 8:54 p.m. · 63 views

CVE-2024-7874

CVE-2024-7874 affects Tungsten Automation TotalAgility versions up to 7.9.0.25.0.954. The vulnerability is a Reflected Cross‑Site Scripting (XSS) via the mfpConnectionId parameter in forms posted to /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx and /TotalAgility/Kofax/BrowserDevice/ScanFrontDe...

CVSS 5.3 · AI score 6.2 · EPSS 0.00494
Exploits 0 · References 3
Cvelist
added 2024/12/06 8:54 p.m. · 32 views

CVE-2024-7874 XSS in Tungsten Automation TotalAgility

Tungsten Automation Kofax TotalAgility in all versions through 7.9.0.25.0.954 is vulnerable to Reflected XSS attacks through mfpConnectionId parameter manipulation in a form sent to endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx"...

CVSS 5.3 · EPSS 0.00494
Exploits 0 · References 3
OSV
added 2024/12/04 4:20 p.m. · 5 views

DRUPAL-CONTRIB-2024-071

This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...

CVSS 4.8 · AI score 6.6 · EPSS 0.00228
Exploits 0 · References 1
Drupal
added 2024/12/04 12:0 a.m. · 10 views

Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071

This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...

CVSS 4.8 · AI score 6.8 · EPSS 0.00228
Exploits 0 · References 5
Veracode
added 2024/11/29 6:22 a.m. · 9 views

Cross-site Scripting (XSS)

LibreNMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation, allowing authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device in the "Services" tab of the Device page...

CVSS 5.4 · AI score 5.9 · EPSS 0.00449
Exploits 1 · References 2 · Affected Software 1
Veracode
added 2024/11/29 5:38 a.m. · 7 views

Reflected Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization of the "metric" parameter in the "/wireless" and "/health" endpoints, allowing attackers to inject arbitrary JavaScript...

CVSS 5.4 · AI score 6.2 · EPSS 0.00403
Exploits 1 · References 3 · Affected Software 1
Veracode
added 2024/11/29 5:13 a.m. · 9 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the "billname" parameter, allowing authenticated users to inject arbitrary JavaScript when creating a new bill...

CVSS 5.4 · AI score 5.7 · EPSS 0.00402
Exploits 1 · References 2 · Affected Software 1
Veracode
added 2024/11/28 10:2 a.m. · 5 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the "token" parameter, which allows authenticated users to inject arbitrary JavaScript when creating a new API token...

CVSS 7.5 · AI score 5.6 · EPSS 0.69818
Exploits 1 · References 2 · Affected Software 1
Veracode
added 2024/11/28 10:2 a.m. · 9 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the "unit" parameter in the "Custom OID" tab, allowing authenticated users to inject arbitrary JavaScript when creating a new OID...

CVSS 5.4 · AI score 5.7 · EPSS 0.00396
Exploits 1 · References 3 · Affected Software 1
RedhatCVE
added 2024/11/26 5:55 p.m. · 12 views

CVE-2024-6485

A vulnerability was found in bootstrap associated with the data-loading-text attribute within the button plugin. This vulnerability allows malicious JavaScript code to be injected into the attribute, which is then executed when the button's loading state is triggered...

CVSS 6.4 · AI score 6.7 · EPSS 0.00494
Exploits 0 · References 4
BDU FSTEC
added 2024/11/26 12:0 a.m. · 3 views

The vulnerability in GitLab EE/CE, a Git-based software platform for collaborative code development, is due to a lack of measures to protect the website structure, allowing attackers to inject arbitrary JavaScript code.

The vulnerability in GitLab EE/CE, a Git-based software platform for collaborative code development, is due to a lack of measures to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code through a specially created UR...

CVSS 6.4 · AI score 5.7 · EPSS 0.00364
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/11/25 7:1 p.m. · 14 views

CVE-2024-53255 Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to...

CVSS 5.3 · AI score 6.3 · EPSS 0.00865
Exploits 2 · References 4
Veracode
added 2024/11/25 11:1 a.m. · 11 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the "hostname" parameter on the "Capture Debug Information" page, allowing authenticated users to inject arbitrary JavaScript...

CVSS 5.4 · AI score 6 · EPSS 0.00381
Exploits 1 · References 3 · Affected Software 1