Input validation
Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in victim's browser...
UBUNTU-CVE-2023-6033
Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in victim's browser...
CVE-2023-6033 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in victim's browser...
CVE-2023-6033
Removed by vendor...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab that stems from incorrect...
PT-2023-32486 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.10 through 16.4.2 GitLab CE/EE versions 16.5 through 16.5.2 GitLab CE/EE versions 16.6 through 16.6.0 Description: The issue is related to improper neutralization of input in Jira integration configuration, allowing a...
CVE-2023-47418
Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript...
CVE-2023-47418
The CVE-2023-47418 entry concerns O2OA, affected in versions 8.1.2 and earlier. The vulnerability allows Remote Code Execution by attackers who can create a new interface in the service management function to run JavaScript. Impact is described as high (RCE) and accessible over network with no pr...
O2OA Security Breach
O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 8.1.2 and earlier versions, which stems from the presence of a Remote Code Execution (RCE) vulnerability. The vulnerability can be exploited by an attacker to create a new interface...
Improper Neutralization of Input in Advanced User Interface for Jolt
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, the...
DOM-based XSS in comment when edit in a new tab
h3. Issue Summary DOM-based XSS vulnerabilities usually arise when JavaScript takes data from an attacker-controllable source, such as the URL, and passes it to a sink that supports dynamic code execution, such as eval or innerHTML. This enables attackers to execute malicious JavaScript, which...
CVE-2023-41791 Lack of Authorization and Stored XSS Via Translation Abuse
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity...
Artica Pandora FMS Cross-Site Scripting Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS versions 700 through 773, which is caused due to an inpu...
Nautobot Cross-Site Scripting Vulnerability
Nautobot is a web automation platform by the individual developers of Nautobot. Nautobot suffers from a cross-site scripting vulnerability that could allow an attacker to craft a malicious payload to execute...
The vulnerability of the administration console of the SIMATIC PCS neo web-based process control system lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the administration console of the SIMATIC PCS neo web-based process control system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code...
CVE-2023-38882
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'...
CVE-2023-38881
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendarid', 'schooldate', 'month' or 'year'...
The vulnerability of the software for creating control panels for energy management systems, namely EcoStruxure PowerSCADA Operation (PSO) – Advanced Reporting and Dashboards Module, EcoStruxure PowerOperation (EPO) – Advanced Reporting and Dashboards Module, and the energy monitoring software EcoStruxure Power Monitoring Expert, arises due to insufficient protection measures for the website structure. This allows attackers to execute arbitrary JavaScript code.
The vulnerability of the software used for creating control panels for energy management systems, such as EcoStruxure PowerSCADA Operation (PSO) – Advanced Reporting and Dashboards Module, EcoStruxure PowerOperation (EPO) – Advanced Reporting and Dashboards Module, and the energy monitoring software...
webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code
A flaw was found in WebKitGTK. An attacker may be able to execute JavaScript code to trigger Remote Code Execution, resulting in a high impact on data confidentiality, integrity, and system availability...
Important: Red Hat Security Advisory: webkit2gtk3 security, bug fix, and enhancement update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...