
5085 matches found

CNNVD
added 2024/08/23 12:0 a.m. · 4 views

SMSEagle security vulnerability

SMSEagle is a specialized hardware SMS gateway software for sending and receiving SMS messages from SMSEagle, Inc. A security vulnerability exists in SMSEagle version 6.0 that stems from the application not properly cleaning user input from SMS messages in the inbox, leading to a stored cross-sit...

CVSS 6.1 · AI score 6.2 · EPSS 0.00239
Exploits 0 · References 2
CVE
added 2024/08/23 12:0 a.m. · 70 views

CVE-2024-40111

CVE-2024-40111 describes a stored XSS in Automad 2.0.0-alpha.4. The vulnerability lets an attacker inject JavaScript into the template body which is saved by the flat-file CMS and executed in the browser of any user visiting the page (e.g., forum). Practical impact stated across sources includes ...

CVSS 4.8 · AI score 5.3 · EPSS 0.00769
Exploits 2 · References 2 · Affected Software 1
CVE
added 2024/08/23 12:0 a.m. · 67 views

CVE-2024-37392

CVE-2024-37392 describes a stored XSS in SMSEagle prior to version 6.0. The issue stems from improper sanitization of user input in SMS messages stored in the inbox, allowing injected JavaScript to execute when a message is viewed in the web-GUI. Impact is a client-side script execution risk with...

CVSS 6.1 · AI score 5.5 · EPSS 0.00239
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/08/21 12:0 a.m. · 17 views

CVE-2024-41572

Learning with Texts (LWT) 2.0.3 is vulnerable to Cross-Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user...

AI score 6.4 · EPSS 0.00285
Exploits 0 · References 1
CNNVD
added 2024/08/21 12:0 a.m. · 4 views

Learning with Texts security vulnerability

Learning with Texts (LWT) is a software application by the individual developer Jon Gauthier. It allows users to import text, read, save, view and test words and expressions in multiple languages. A security vulnerability exists in Learning with Texts version 2.0.3, which stems from not filtering...

CVSS 6.1 · AI score 6.8 · EPSS 0.00285
Exploits 0 · References 3
Positive Technologies
added 2024/08/21 12:0 a.m. · 5 views

PT-2024-12097 · Xiaomi · Xiaomigetapps

Name of the Vulnerable Software and Affected Versions: XiaomiGetApps (affected versions not specified)
Description: A code execution vulnerability exists in the XiaomiGetApps application product, caused by the verification logic being bypassed. An attacker can exploit this vulnerability to execute...

CVSS 9.8 · AI score 7.5 · EPSS 0.00601
Exploits 0 · References 11
NVD
added 2024/08/20 9:15 p.m. · 38 views

CVE-2024-43396

Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in...

CVSS 5.4 · EPSS 0.00519
Exploits 1 · References 3
OSV
added 2024/08/19 4:24 p.m. · 18 views

CVE-2024-43400 XWiki Platform allows XSS through XClass name in string properties

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineering to trick a user to follow the URL. Thi...

CVSS 9 · AI score 6.8 · EPSS 0.00461
Exploits 1 · References 5
NVD
added 2024/08/15 3:15 a.m. · 17 views

CVE-2024-6533

Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...

CVSS 5.4 · EPSS 0.00358
Exploits 1 · References 2
Positive Technologies
added 2024/08/13 12:0 a.m. · 3 views

PT-2024-29558 · Ibm · Ibm Common Licensing

Name of the Vulnerable Software and Affected Versions: IBM Common Licensing version 9.0
Description: This issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...

CVSS 4.8 · AI score 6.8 · EPSS 0.00246
Exploits 0 · References 7
Hacker One
added 2024/08/12 9:27 p.m. · 5 views

Acronis: Potential XSS in redirect_url Parameter

The summary is as follows: A vulnerability was identified on https://learn.acronis.com/ in the redirecturl parameter, where arbitrary JavaScript code could be injected. By manipulating the redirectUrl parameter, an attacker could execute JavaScript code on the victim's browser...

AI score 7.4
Exploits 0
OSV
added 2024/08/12 3:15 p.m. · 4 views

CVE-2024-33536

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading...

CVSS 5.4 · AI score 6
Exploits 0 · References 2
Vulnrichment
added 2024/08/12 2:54 p.m. · 14 views

CVE-2024-21550

SteVe is an open platform that implements different versions of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and JavaScript code via WebSockets leading to persistent Cross-Site...

CVSS 6.1 · AI score 6.2 · EPSS 0.00377
Exploits 0 · References 4
CNNVD
added 2024/08/12 12:0 a.m. · 5 views

Zimbra Collaboration Suite security vulnerability

Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability in Zimbra Collaboration Suite versions 9.0 and 10.0, which stems from insufficient input validation of the res parameter, allow...

CVSS 5.4 · AI score 7.1 · EPSS 0.00246
Exploits 0 · References 3
Veracode
added 2024/08/07 7:49 a.m. · 13 views

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation in userfiles\modules\tags\addtaggingtagged.php, which allows attackers to inject and execute arbitrary JavaScript...

CVSS 6.1 · AI score 6.8 · EPSS 0.0029
Exploits 1 · References 2 · Affected Software 1
NVD
added 2024/08/05 8:15 p.m. · 15 views

CVE-2024-41959

mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...

CVSS 7.6 · EPSS 0.00332
Exploits 0 · References 2
NVD
added 2024/08/05 8:15 p.m. · 21 views

CVE-2024-41960

mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...

CVSS 4.8 · EPSS 0.00308
Exploits 0 · References 2
CVE
added 2024/08/05 7:59 p.m. · 38 views

CVE-2024-41960

CVE-2024-41960 affects mailcow: dockerized (Relay Hosts configuration). An authenticated admin can inject a JavaScript payload into the Relay Hosts config, and the payload executes in the user’s browser when the configuration page is viewed, enabling arbitrary script execution in the user context...

CVSS 4.8 · AI score 4.7 · EPSS 0.00308
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/08/05 12:0 a.m. · 4 views

PT-2024-5831 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2024-07
Description: The issue allows an unauthenticated attacker to inject a JavaScript payload into the API logs. This payload is executed when the API logs page is viewed, potentially allowing an...

CVSS 9 · AI score 6.8 · EPSS 0.00332
Exploits 0 · References 9
CNNVD
added 2024/08/05 12:0 a.m. · 4 views

mailcow security vulnerability

mailcow is a mail server suite from mailcow open source. A security vulnerability exists in versions prior to mailcow 2024-07 that stems from the ability of an unauthenticated attacker to inject a JavaScript payload into API logs, which could allow an attacker to run malicious scripts in the...

CVSS 7.6 · AI score 6.4 · EPSS 0.00332
Exploits 0 · References 3