CVE-2024-36162 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36198

Adobe Experience Manager (AEM) version 6.5.20 and earlier is affected by a stored XSS vulnerability in vulnerable form fields. The root cause is untrusted input being stored and later rendered, enabling attacker-supplied JavaScript to execute in a victim’s browser. Public references in multiple f...

CVE-2024-36180 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36214

CVE-2024-36214 affects Adobe Experience Manager (AEM) 6.5.20 and earlier, with a stored XSS in vulnerable form fields. An attacker could inject malicious scripts that execute in a victim’s browser when visiting a page containing the vulnerable field. CVSS 3.1 base score: 5.4 (Medium). The linked ...

CVE-2024-36148 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2024-36163

Adobe Experience Manager (AEM)

CVE-2024-36187

Adobe Experience Manager (AEM) prior to version 6.5.21 is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing attacker-injected JavaScript to run in the victim’s browser when visiting a page containing the field. Affected product/version: AEM 6.5.20 a...

CVE-2024-36209 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26085 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36167 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36203

Adobe Experience Manager (AEM) 6.5.20 and earlier are affected by a stored XSS vulnerability in vulnerable form fields (CVE-2024-36203). An attacker could inject malicious JavaScript that executes in a victim’s browser when loading a page containing the vulnerable field. CVSS v3.1 base score 5.4 ...

CVE-2024-36185 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26081 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-5478

A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...

CVE-2024-5478

CVE-2024-5478 affects lunary-ai/lunary v1.2.7. Root cause: user-supplied orgId is embedded directly into XML/SAML metadata without proper escaping/validation, enabling XSS via the /auth/saml/${org?.id}/metadata endpoint. Impact: potential theft of user cookies or authentication tokens through inj...

SUSE CVE-2023-40030

Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...

CVE-2024-36123

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML including Javascript can be injected by someone with the ability to edit the MediaWiki namespace typically those with the editinterface...

UBUNTU-CVE-2024-36123

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML including Javascript can be injected by someone with the ability to edit the MediaWiki namespace typically those with the editinterface...

PT-2024-40096 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Silverstripe versions prior to a fixed version affected versions not specified Description: The issue affects Internet Explorer browsers, where requests do not encode all entities in the URL string. As a result, when rewriting hashlinks,...

Wiki.js 安全漏洞

Wiki.js is a suite of open source Wiki software from the Requarks.io team based on Node.js and written in the JavaScript language. A security vulnerability exists in Wiki.js versions prior to 2.5.303, which stems from a vulnerability that allows an attacker to inject malicious JavaScript into the...