5086 matches found
Wiki.js Security Vulnerability
Wiki.js is a suite of open source Wiki software from the Requarks.io team based on Node.js and written in the JavaScript language. A security vulnerability exists in Wiki.js versions prior to 2.5.303, which stems from a vulnerability that allows an attacker to inject malicious JavaScript into the...
SAP NetWeaver Application Server Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP Platform, which stems from a lack of input validation and output encoding of untrusted data, and can be exploited by an unauthenticated...
PT-2024-25692 · Mantisbt · Mantisbt
Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.26.2 Description: The issue is related to improper escaping of a custom field's name, allowing an attacker to inject HTML and potentially execute arbitrary JavaScript when certain conditions are met, such as...
New Case Study: The Malicious Comment
How safe is your comments section? Discover how a seemingly innocent 'thank you' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study here. When is a 'Thank you' not a 'Thank you'? When it's a...
CVE-2024-28979
Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection...
CVE-2024-28979
Dell OpenManage Enterprise (Dell EMC) before 4.1.0 is affected by an improper neutralization of input during web page generation (Cross-site Scripting). The vulnerability arises from insufficient input filtering/escaping in the web UI, enabling a high-privilege remote attacker to inject scripts v...
PT-2024-41445 · LLC "Websoft Development" · Websoft Hcm
A vulnerability in the Websoft HCM HR process automation software is related to a failure to protect the structure of the web page. Exploiting the vulnerability could allow a remote attacker to carry out a cross-site scripting (XSS) attack by injecting a specially crafted...
PT-2024-30256 · Unknown · Super 8 Live Chat
Name of the Vulnerable Software and Affected Versions: Super 8 Live Chat affected versions not specified Description: The issue allows unauthenticated remote attackers to insert JavaScript code into the chat box due to a failure to properly filter user input. When the message recipient views the...
PT-2024-3189 · Ibm · Ibm Cloud Pak For Security +1
Name of the Vulnerable Software and Affected Versions: IBM QRadar Suite Software versions 1.10.12.0 through 1.10.19.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 Description: The issue is related to stored cross-site scripting, allowing users to embed arbitrary JavaScript code ...
The vulnerability of the CMS system Netcat, related to the manipulation of inter-site requests, allows a hacker to inject arbitrary JavaScript code.
The vulnerability of the CMS system Netcat is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code remotely...
PT-2024-13476 · Ibm · Ibm Sterling File Gateway
Name of the Vulnerable Software and Affected Versions: IBM Sterling File Gateway versions 6.0.0.0 through 6.0.3.9 IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.3 IBM Sterling File Gateway version 6.2.0.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web...
CVE-2024-1602
parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting XSS that leads to Remote Code Execution RCE. The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...
CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm
A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...
CVE-2024-26079 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
PT-2024-18163 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: The issue arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within...
DerbyNet 9.0 inc/kiosks.inc Cross Site Scripting
CVE ID: CVE-2024-30926 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, affecting the ./inc/kiosks.inc component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the addressforcurrentkiosk function. The issue...
PortlandLabs Concrete CMS Security Vulnerability
PortlandLabs Concrete CMS is an open source content management system for teams from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS versions prior to 9.2.8 and versions prior to 8.5.16, which stems from user input being output without escaping, and an attacker may be...
Westermo Lynx 206-F2G Improper Neutralization of Input During Web Page Generation (CVE-2023-40143)
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'forward.0.domain' parameter. This plugin only works with Tenable.ot. Please visit...
CVE-2024-20799
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...