CVE-2024-45514

An issue was discovered in Zimbra Collaboration ZCS through v10.1. A Cross-Site Scripting XSS vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing t...

Zimbra Collaboration Server 跨站脚本漏洞

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and prior versions, whi...

Zimbra Collaboration Server 跨站脚本漏洞

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and earlier. An attacke...

Zimbra Collaboration Server 10.0 < 10.0.9, 10.1.0 < 10.1.1 XSS

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A reflected Cross-Site Scripting XSS issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder...

Zimbra Collaboration Suite 安全漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite version 10.1 and prior versions, which stems from improper cleaning of file contents by th...

CVE-2023-0109

A stored cross-site scripting XSS vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This...

PT-2024-16805

Name of the Vulnerable Software and Affected Versions MDaemon Email Server versions prior to 24.5.1c Description An XSS issue was discovered in MDaemon Email Server, allowing a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window by sending an HTML...

PT-2024-33668 · Librenms · Librenms +1

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: The application fails to properly sanitize user input, allowing an attacker to execute malicious JavaScript code. This issue occurs when a user with an Admin role adds Notes to a device and the...

webkitgtk: arbitrary javascript code execution

A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution...

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Palo Alto Networks PAN-OS 跨站脚本漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. Palo Alto Networks PAN-OS suffers from a cross-site scripting vulnerability that stems from the presence of a cross-site scripting XSS vulnerability that allows an authenticated...

CVE-2024-52552

Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2024-52286

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

UBUNTU-CVE-2024-51490

Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. Thi...

UBUNTU-CVE-2024-51486

Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...

CVE-2024-52286

CVE-2024-52286 affects Stirling-PDF prior to 0.32.0. The Merge function uses untrusted file names directly in innerHTML (code starts at Line 24 in merge.js), enabling a self‑injection XSS where a user uploading a file with a crafted name can execute JavaScript in their own browser context. The vu...

CVE-2024-46964

The com.video.downloader.all aka All Video Downloader application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component...

Super Unlimited com.superfast.video.downloader 安全漏洞

Super Unlimited com.superfast.video.downloader Super Unlimited Video Downloader is a video downloader from Super Unlimited, Inc. A security vulnerability exists in com.superfast.video.downloader Super Unlimited Video Downloader - All in One version 5.1.9 and earlier. An attacker can exploit this...

Ikhgur mn.ikhgur.khotoch 安全漏洞

Ikhgur mn.ikhgur.khotoch Ikhgur Video Downloader Pro & Browser is a video downloader from Ikhgur. A security vulnerability exists in Ikhgur mn.ikhgur.khotoch Video Downloader Pro & Browser version 1.0.42 and earlier versions. An attacker can exploit the vulnerability to execute arbitrary JavaScri...

Video Developers com.video.downloader.all 安全漏洞

Video Developers com.video.downloader.all Video Developers All Video Downloader is a video downloader from Video Developers, Inc. A security vulnerability exists in version 11.28 and earlier of com.video.downloader.all All Video Downloader. An attacker can exploit this vulnerability to execute...