CVE-2024-3851

A stored Cross-Site Scripting XSS vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exploit this vulnerability by uploading malicious HTML files, such as those containing JavaScript payloads, which are then executed in the...

PT-2024-10381 · Strapi · Strapi

Name of the Vulnerable Software and Affected Versions: Strapi affected versions not specified Description: The issue is related to a lack of protection measures on web pages, allowing a remote attacker to execute arbitrary JavaScript code by uploading a specially crafted PDF file. Recommendations...

PrivateGPT Security Vulnerabilities

PrivateGPT is an AI project. A security vulnerability exists in PrivateGPT that stems from improper file upload validation, which can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser session by uploading a malicious HTML file...

RHEL 8 : firefox (RHSA-2024:2887)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2887 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

DEBIAN-CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

UBUNTU-CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVE-2024-4367

CVE-2024-4367 concerns a missing type check when handling fonts in PDF.js, allowing arbitrary JavaScript execution within the PDF.js context. Affected products listed in connected docs include Firefox before 126, Firefox ESR before 115.11, and Thunderbird before 115.11. The root cause is limited ...

Cross-Site Scripting

mantisbt/mantisbt is vulnerable to Cross-Site Scripting. The vulnerability is due to improper user input sanitization of the custom field's name, allowing attackers to inject HTML and potentially execute arbitrary JavaScript in certain scenarios...

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-135-01)

The version of mozilla-firefox installed on the remote host is prior to 115.11.0esr / 126.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-135-01 advisory. - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript...

GHSA-WGX7-JP56-65MQ Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues bugchangestatuspage.php belonging to a project linking said custom field - viewing issues viewallbugpage.php when...

CVE-2024-34081 MantisBT Cross-site Scripting vulnerability

MantisBT Mantis Bug Tracker is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues bugchangestatuspage.php belonging to a project linking...

F5 BIG-IP Configuration Utility Cross-Site Scripting Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the F5 BIG-IP configuration utility that can be exploited by an attacker to run...

F5 BIG-IP Configuration Utility Cross-Site Scripting Vulnerability (CNVD-2024-22215)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the F5 BIG-IP configuration utility that can be exploited by an attacker to run...

CVE-2024-33604

A reflected cross-site scripting XSS vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...