mailcow security vulnerability
mailcow is a mail server suite from mailcow open source. A security vulnerability exists in versions prior to mailcow 2024-07 that originates from an authenticated administrator user being able to inject a JavaScript payload into the relay host configuration, which could allow an attacker to...
CVE-2024-7204
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
CVE-2024-31199
A “CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'” allows malicious users to permanently inject arbitrary Javascript code...
PT-2024-23842 · Plug&Track · Sensor Net Connect V2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A CWE-79 issue allows malicious users to permanently inject arbitrary Javascript code, enabling cross-site scripting. This issue permits malicious users to inject code into web page...
Plug and Track Sensor Net Connect security vulnerability
Plug and Track Sensor Net Connect is a smart sensor from the French company Plug and Track. It is used to monitor temperature, humidity, pressure, CO2 and other parameters. A security vulnerability exists in Plug and Track Sensor Net Connect version V2, which stems from the presence of cross-site...
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Impact: This XSS vulnerability concerns the system configs design/header/welcome, design/header/logosrc, design/header/logosrcsmall and design/header/logoalt. They are intended to enable admins to set a text in the two cases, and to define an image URL for the other two cases. But because of previously...
PT-2024-29501 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento-lts versions prior to 20.10.1 Description: This issue affects the design/header/welcome, design/header/logo src, design/header/logo src small, and design/header/logo alt system configs, which are intended to enable admins to set a tex...
CVE-2024-3246
The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScrip...
Adtran NetVanta 3120 cross-site scripting vulnerability
The Adtran NetVanta 3120 is a fixed-port Ethernet router from Adtran USA. A cross-site scripting vulnerability exists in the Adtran NetVanta 3120 version 18.01.01.00.E. The vulnerability stems from the presence of multiple stored cross-site scripting vulnerabilities, which allows remote attackers...
PT-2024-24325 · Adtran · Adtran Netvanta 3120
Name of the Vulnerable Software and Affected Versions: AdTran NetVanta 3120 version 18.01.01.00.E Description: The issue allows remote attackers to inject arbitrary JavaScript code, exploiting multiple stored cross-site scripting (XSS) vulnerabilities. This is demonstrated by various API endpoints,...
Acronis: Potential XSS Vulnerability in Acronis Login Callback URL
The Acronis login callback URL was found to be vulnerable to cross-site scripting (XSS) attacks. The redirectUrl parameter in the URL was not properly sanitized, allowing an attacker to inject arbitrary JavaScript code. This could have been exploited to steal user session cookies...
CVE-2024-32981 Cross-site Scripting vulnerability with encoded payload in silverstripe/framework
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end o...
IBM Rational ClearQuest cross-site scripting vulnerability
IBM Rational ClearQuest (IBM Rational CQ) is change management software from International Business Machines (IBM). It can help increase developer productivity while providing methods, processes, and tools that are best suited for project and team personnel. A cross-site scripting vulnerability...
PT-2024-18436 · WordPress · Brizy
Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.44 Description: The issue allows authenticated attackers with contributor access and above to modify the content of arbitrary published posts due to a missing...
CVE-2024-6740
Openfind's Mail2000 does not properly validate email attachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...
IBM Datacap Navigator security vulnerability
IBM Datacap Navigator is a Web client for Datacap from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Datacap Navigator, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI...
PT-2024-37836 · Openfind · Openfind Mail2000
Name of the Vulnerable Software and Affected Versions: Openfind Mail2000 affected versions not specified Description: The issue allows unauthenticated remote attackers to inject JavaScript code within email attachments, resulting in Stored Cross-site scripting attacks, due to improper validation ...
PT-2024-37838 · AguardNet Technology · AguardNet Technology's Space Management System
Name of the Vulnerable Software and Affected Versions: AguardNet Technology's Space Management System affected versions not specified Description: The issue is related to improper filtering of user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected...
CVE-2024-40690
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 29772...
PT-2024-28986 · Ibm · Ibm Infosphere Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Server version 11.7 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...