5955 matches found

OSV · added 2023/11/14 11:15 a.m. · 1 view

CVE-2023-46099

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product that could allow an attacker with high privileges to inject JavaScript code into the application that is later...

CVSS 4.8 · AI score 5.7 · EPSS 0.00388
Exploits: 0 · References: 1
VulnCheck KEV · added 2023/11/13 12:00 a.m. · 5 views

VulnCheck KEV: CVE-2021-25646

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

CVSS 9 · AI score 7.4 · EPSS 0.99217
Exploits: 7 · References: 1
Positive Technologies · added 2023/11/11 12:00 a.m. · 4 views

PT-2023-8376 · Ibm · Ibm Qradar Siem

Affected software and versions: IBM QRadar SIEM 7.5.0. Description: the product does not properly neutralize input used in web page generation (cross-site scripting), allowing a remote attacker to bypass restrictions on executing JavaScript. This can lead to the...

CVSS 5.5 · AI score 5.6 · EPSS 0.00415
Exploits: 0 · References: 5
BDU FSTEC · added 2023/11/11 12:00 a.m. · 4 views

The vulnerability in the Galaxy Store application stems from insufficient neutralization of input used in web page generation (cross-site scripting). It allows an attacker to execute JavaScript while the page is loading.

The vulnerability in the Galaxy Store application exists because input used to build the web page is not neutralized (cross-site scripting). Exploiting it allows an attacker to execute a JavaScript script while the page is loading...

CVSS 6.2 · AI score 7.3 · EPSS 0.12885
Exploits: 0 · References: 4 · Affected software: 1
CVE · added 2023/11/08 9:50 p.m. · 79 views

CVE-2023-47114

CVE-2023-47114 affects Fides HTML-formatted Data Subject Request packages. Root cause: lack of input validation for data from connected systems/data stores, enabling HTML injection when a data subject opens the downloaded package (typically HTML files in ZIP) in a browser via file://. Existence o...

CVSS 6.1 · AI score 5.4 · EPSS 0.00609
Exploits: 0 · References: 3 · Affected software: 1
Github Security Blog · added 2023/11/08 5:52 p.m. · 28 views

Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages

Impact: The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then be retrieved from connected systems and data stores before being...

CVSS 6.1 · AI score 7 · EPSS 0.00609
Exploits: 0 · References: 5 · Affected software: 1
RedHat Linux · added 2023/11/07 8:48 a.m. · 2 views

webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code

A flaw was found in WebKitGTK. An attacker may be able to execute JavaScript code to trigger Remote Code Execution, resulting in a high impact on data confidentiality, integrity, and system availability...

CVSS 8.8 · AI score 5.9 · EPSS 0.00964
Exploits: 0 · References: 5
BDU FSTEC · added 2023/11/03 12:00 a.m. · 4 views

The vulnerability in the bitrix/modules/main/tools.php component of the Bitrix24 business management service allows a malicious individual to gain unauthorized access to protected information and execute arbitrary JavaScript code.

The vulnerability in the bitrix/modules/main/tools.php component of the Bitrix24 business management service stems from improper initialization. Exploiting it could allow a remote attacker to gain unauthorized access to protected information and execute arbitrary...

CVSS 7.8 · AI score 8.1 · EPSS 0.04973
Exploits: 1 · References: 4 · Affected software: 1
BDU FSTEC · added 2023/11/03 12:00 a.m. · 5 views

The vulnerability in the component bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js of the main module of the Bitrix24 management service allows an attacker to execute arbitrary JavaScript code.

The vulnerability in the component bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js, which is part of the main module of the Bitrix24 management service, stems from uncontrolled modification of object prototype attributes (prototype pollution). Exploiting it could allow an attacker to execute...

CVSS 10 · AI score 8 · EPSS 0.0105
Exploits: 1 · References: 4 · Affected software: 1
OSV · added 2023/11/01 10:15 a.m. · 3 views

CVE-2023-1716

Cross-site scripting (XSS) vulnerability in the Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege...

CVSS 9.6 · AI score 6.1 · EPSS 0.00715
Exploits: 1 · References: 1
CNNVD · added 2023/11/01 12:00 a.m. · 3 views

Bitrix24 Security Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (customer relationship management). A security vulnerability exists in Bitrix24 version 22.0.300, which stems from a missing response header o...

CVSS 9.6 · AI score 7.3 · EPSS 0.0085
Exploits: 1 · References: 2
Veracode · added 2023/10/26 6:30 a.m. · 22 views

Cross-site Scripting (XSS)

ethyca-fides is vulnerable to cross-site scripting (XSS). The vulnerability is due to a lack of proper validation in privacy_experience.py, which results in inadequate verification of privacy policy URLs. This flaw allows an attacker to place a malicious payload in the privacy policy URL. When...

CVSS 5.4 · AI score 6.5 · EPSS 0.00607
Exploits: 0 · References: 3 · Affected software: 1
BDU FSTEC · added 2023/10/26 12:00 a.m. · 4 views

The vulnerability in the library program/lib/Roundcube/rcube_washtml.php of the RoundCube Webmail client allows a malicious user to execute arbitrary JavaScript code.

The vulnerability in the library program/lib/Roundcube/rcube_washtml.php of the RoundCube Webmail client exists because input used in web page generation is not neutralized (cross-site scripting). Exploiting it could allow a malicious actor to execute arbitrary JavaScript code through a...

CVSS 5.5 · AI score 6.7 · EPSS 0.70879
Exploits: 2 · References: 11 · Affected software: 3
NVD · added 2023/10/25 6:17 p.m. · 15 views

CVE-2023-46126

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

CVSS 5.4 · AI score 4.7 · EPSS 0.00607
Exploits: 0 · References: 3
Prion · added 2023/10/25 6:17 p.m. · 15 views

Design/Logic Flaw

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

CVSS 4.9 · AI score 5.5 · EPSS 0.00607
Exploits: 0 · References: 3 · Affected software: 1
OSV · added 2023/10/24 9:59 p.m. · 31 views

CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

CVSS 3.9 · AI score 5.3 · EPSS 0.00607
Exploits: 0 · References: 5
Github Security Blog · added 2023/10/24 2:45 a.m. · 27 views

Fides JavaScript Injection Vulnerability in Privacy Center URL

Impact: The Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL, and this input was found to no...

CVSS 5.4 · AI score 6.8 · EPSS 0.00607
Exploits: 0 · References: 5 · Affected software: 1
Positive Technologies · added 2023/10/24 12:00 a.m. · 7 views

PT-2023-29859 · Fides · Fides

Affected software and versions: Fides versions prior to 2.22.1. Description: The Fides web application allows users to edit consent and privacy notices, such as cookie banners. A vulnerability exists where a crafted payload in the privacy policy URL can trigger JavaScript...

CVSS 5.4 · AI score 5.3 · EPSS 0.00607
Exploits: 0 · References: 8
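The two Fides weaknesses listed on this page come down to one rule: a URL field that will end up in an href must be restricted to http(s) schemes, and data pulled from connected systems that will end up in a generated HTML package must be HTML-escaped before it is written. The following is an added illustration written for this page; it is not Fides code and does not reproduce the project's fix. The function names, the CSP meta tag used as defence in depth for packages opened via file://, and the sample inputs are all assumptions.

```python
import html
from urllib.parse import urlsplit

# Only absolute http(s) URLs are acceptable as a privacy-policy link.
# javascript:, data:, vbscript:, scheme-relative //host and bare paths are
# rejected outright rather than "sanitised".
ALLOWED_SCHEMES = {"http", "https"}


def is_safe_url(value: str) -> bool:
    """Return True only for an absolute http(s) URL that names a host."""
    parts = urlsplit(value.strip())
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_privacy_link(url: str) -> str:
    """Build the consent-banner anchor; refuse unsafe URLs instead of guessing."""
    if not is_safe_url(url):
        raise ValueError("privacy policy URL must be an absolute http(s) URL")
    # Escape the accepted URL too, so a quote inside it cannot close the attribute.
    return f'<a href="{html.escape(url, quote=True)}">Privacy policy</a>'


def render_dsr_package(rows: list[dict[str, str]]) -> str:
    """Render records retrieved from connected systems as a stand-alone HTML file.

    Every key and value is treated as untrusted and HTML-escaped before it is
    placed in the markup. The <meta> Content-Security-Policy is defence in
    depth (an assumption, not the project's fix): browsers apply it to
    documents opened via file://, so inline script that somehow survived
    escaping would still be blocked.
    """
    head = (
        '<!doctype html><html><head><meta charset="utf-8">'
        '<meta http-equiv="Content-Security-Policy" content="default-src \'none\'">'
        "<title>Data Subject Request</title></head><body><table>"
    )
    body = []
    for row in rows:
        body.append(
            "".join(
                f"<tr><th>{html.escape(k)}</th><td>{html.escape(v)}</td></tr>"
                for k, v in row.items()
            )
        )
    return head + "".join(body) + "</table></body></html>"


if __name__ == "__main__":
    # Constructed sample inputs: candidate URLs and one hostile record.
    for candidate in ("https://example.com/privacy",
                      "javascript:alert(document.cookie)",
                      "//evil.example/x"):
        verdict = "accepted" if is_safe_url(candidate) else "rejected"
        print(f"{candidate!r}: {verdict}")
    page = render_dsr_package(
        [{"email": "alice@example.com", "note": "<img src=x onerror=alert(1)>"}]
    )
    print(page)
```

Rejecting by allow-list of schemes, rather than stripping `javascript:` from the string, is the point: case changes, embedded whitespace and alternative schemes all fall through a blocklist but never through an allow-list.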
Prion · added 2023/10/19 11:15 p.m. · 14 views

Cross site scripting

Home Assistant is an open source home automation platform. The Home Assistant login page allows users to use their local Home Assistant credentials to log in to another website that specifies the redirect_uri and client_id parameters. Although the redirect_uri validation typically ensures that it matches th...

CVSS 6.8 · AI score 8.2 · EPSS 0.0067
Exploits: 0 · References: 1 · Affected software: 1
Cvelist · added 2023/10/19 10:37 p.m. · 24 views

CVE-2023-41895 Cross-site Scripting via auth_callback login in Home Assistant Core

Home Assistant is an open source home automation platform. The Home Assistant login page allows users to use their local Home Assistant credentials to log in to another website that specifies the redirect_uri and client_id parameters. Although the redirect_uri validation typically ensures that it matches th...

CVSS 8.8 · AI score 8.5 · EPSS 0.0067
Exploits: 0 · References: 1