CVE-2024-33604

A reflected cross-site scripting XSS vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the F5 BIG-IP configuration utility that can be exploited by an attacker to run...

PT-2024-25370 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: A reflected cross-site scripting XSS issue exists in an undisclosed page of the BIG-IP Configuration utility. This allows an attacker to run JavaScript in the context of the currently...

GHSA-87HQ-Q4GP-9WR4 react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js

Summary If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches This patch forces isEvalSupported to false, removing...

CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

CVE-2024-34342

This CVE affects the react-pdf library (PDF.js integration). When PDF.js loads a malicious PDF and isEvalSupported is true (default), attacker-controlled JavaScript can run in the hosting domain’s context. The vulnerability is fixed in PDF.js when updated to versions 7.7.3 or 8.0.2, and react-pdf...

React-PDF 安全漏洞

React-PDF is an application by Wojciech Maj Personal Developer. A security vulnerability exists in react-pdf. An attacker exploiting this vulnerability could execute JavaScript code...

CVE-2024-34061 Reflected cross site scripting in changedetection.io

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notificationurls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when...

CVE-2024-34061

CVE-2024-34061 – Changedetection.io is affected in versions prior to 0.45.22. A reflected Cross‑Site Scripting (XSS) vulnerability arises because input in the notification_urls parameter is not properly sanitized and is reflected on the page, enabling injection of malicious JavaScript. The CVSS v...

CVE-2024-34061 Reflected cross site scripting in changedetection.io

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notificationurls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when...

Cross Site Scripting (XSS)

phlex is vulnerable to Cross Site Scripting XSS. The vulnerability is due to insufficient sanitization of user-provided data in HTML attributes. If an application renders an tag within a href attribute thats set to a user provided link, arbitrary JavaScript execution may occur due to overly...

CVE-2024-32966 Stored Cross-site Scripting in directory listings via file names in static-web-server

Static Web Server SWS is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code...

CVE-2024-32966

The CVE-2024-32966 issue affects Static Web Server (SWS) when directory listings are enabled and a user with upload rights can name files. The directory listing code embeds file/directory names directly into HTML without escaping, enabling stored XSS via malicious file names (e.g., .txt). This ca...

Static Web Server 安全漏洞

Static Web Server is a static web server from the German company Static Web Server. A security vulnerability exists in Static Web Server SWS versions 2.28.0 and earlier that originates from a vulnerability that allows an attacker to upload a malicious filename to execute JavaScript code in the we...

PT-2024-25013 · Unknown · Static Web Server

Name of the Vulnerable Software and Affected Versions: Static Web Server SWS affected versions not specified Description: The issue allows JavaScript code execution in the context of the web server's domain when directory listings are enabled for a directory that an untrusted user has upload...

Amazon Linux 2 : firefox (ALASFIREFOX-2024-024)

The version of firefox installed on the remote host is prior to 115.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-024 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

UBUNTU-CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...