5956 matches found

CNNVD · added 2023/03/15 12:00 a.m. · 12 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.2 · EPSS 0.0048
Exploits: 0 · References: 3
CNNVD · added 2023/03/08 12:00 a.m. · 4 views

ARRIS DG3450 cross-site scripting vulnerability

The ARRIS DG3450 is a cable gateway from the American company ARRIS. The ARRIS DG3450 Cable Gateway suffers from a reflected cross-site scripting vulnerability, which can be exploited by an attacker to execute arbitrary JavaScript code in t...

CVSS 6.1 · AI score 6.4 · EPSS 0.00754
Exploits: 3 · References: 5
CNNVD · added 2023/03/03 12:00 a.m. · 5 views

teler-waf security vulnerability

teler-waf is a Go HTTP middleware that provides teler IDS functionality to prevent web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy to integrate into existing Go applications. A security vulnerability exists in teler-waf versions prior to...

CVSS 6.5 · AI score 6.9 · EPSS 0.00516
Exploits: 0 · References: 4
Tenable Nessus · added 2023/03/03 12:00 a.m. · 28 views

FreeBSD : Grafana -- Stored XSS in geomap panel plugin via attribution (e2a8e2bd-b808-11ed-b695-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the e2a8e2bd-b808-11ed-b695-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch,...

CVSS 7.3 · AI score 7.4 · EPSS 0.1546
Exploits: 0 · References: 3
Vulnrichment · added 2023/03/02 12:14 a.m. · 9 views

CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...

CVSS 6.5 · AI score 6.4 · EPSS 0.00536
Exploits: 0 · References: 3
Positive Technologies · added 2023/03/02 12:00 a.m. · 6 views

PT-2023-20677 · Vega · Vega

Name of the Vulnerable Software and Affected Versions: Vega versions prior to 5.13.1. Description: The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. This can be exploited to escape the Vega expression sandbox in order to execute...

CVSS 6.5 · AI score 6.4 · EPSS 0.00775
Exploits: 1 · References: 11
Vulnrichment · added 2023/03/01 3:35 p.m. · 9 views

CVE-2023-0507

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because map attributions weren't properly sanitized and allowed arbitrary JavaScript...

CVSS 7.3 · AI score 6.5 · EPSS 0.1546
Exploits: 0 · References: 2
Veracode · added 2023/03/01 2:54 a.m. · 23 views

Cross-site Scripting (XSS)

@braintree/sanitize-url is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the decodeHtmlCharacters function in index.ts does not properly sanitize HTML-encoded colons in the urlSchemeRegex parameter, which allows an attacker to inject and execute malicious JavaScript by...

CVSS 6.1 · AI score 5.9 · EPSS 0.0056
Exploits: 0 · References: 4 · Affected Software: 2
Positive Technologies · added 2023/03/01 12:00 a.m. · 4 views

PT-2023-20449 · Teler-Waf · Teler-Waf

Name of the Vulnerable Software and Affected Versions: teler-waf versions prior to 0.2.0. Description: teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. The issue allows an attacker to execute arbitrary JavaScript code on the victim's...

CVSS 6.5 · AI score 6.3 · EPSS 0.00516
Exploits: 0 · References: 13
CNNVD · added 2023/03/01 12:00 a.m. · 5 views

Grafana cross-site scripting vulnerability

Grafana is an open-source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. A cross-site scripting vulnerability exists in Grafana version 8.1, which stems from map attributes not...

CVSS 7.3 · AI score 7.4 · EPSS 0.1546
Exploits: 0 · References: 5
Vulnrichment · added 2023/03/01 12:00 a.m. · 8 views

CVE-2022-4901

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim...

CVSS 3.3 · AI score 6.1 · EPSS 0.00337
Exploits: 0 · References: 1
NVD · added 2023/02/28 5:15 p.m. · 18 views

CVE-2023-27294

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious JavaScript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...

CVSS 5.4 · AI score 5.4 · EPSS 0.0053
Exploits: 1 · References: 1
Vulnrichment · added 2023/02/28 12:00 a.m. · 7 views

CVE-2023-27294

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious JavaScript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...

AI score 5.6 · EPSS 0.0053
Exploits: 1 · References: 1
CNNVD · added 2023/02/28 12:00 a.m. · 4 views

OpenCats cross-site request forgery vulnerability

OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCats version 0.9.6, which stems from a cross-site request forgery vulnerability that can be exploited by an attacker to execute JavaScript...

CVSS 5.4 · AI score 5.6 · EPSS 0.0035
Exploits: 1 · References: 3
Positive Technologies · added 2023/02/28 12:00 a.m. · 5 views

PT-2023-21056 · Git +1 · Opencats

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious...

CVSS 5.4 · AI score 5.2 · EPSS 0.0053
Exploits: 1 · References: 5
Veracode · added 2023/02/24 7:22 a.m. · 23 views

Cross-site Scripting (XSS)

jsuites is vulnerable to Cross-site Scripting (XSS) attacks. The vulnerability exists in the dropdown function of the jsuites.js file due to improper HTML sanitization, allowing an attacker to inject and execute malicious JavaScript in a victim's browser...

CVSS 6.1 · AI score 5.8 · EPSS 0.00411
Exploits: 1 · References: 3 · Affected Software: 1
Prion · added 2023/02/22 8:15 p.m. · 19 views

Input validation

Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during miauth authentication in Misskey, arbitrary JavaScript can be executed when a user allows the link. All versions below 13.3.1 including 12.x are affected. This has been fixed ...

CVSS 5.8 · AI score 6.4 · EPSS 0.00445
Exploits: 0 · References: 1 · Affected Software: 1
CVE · added 2023/02/22 7:15 p.m. · 44 views

CVE-2023-24810

CVE-2023-24810 affects Misskey prior to 13.3.1, where insufficient validation of the redirect URL during miauth authentication allows arbitrary JavaScript execution when a user approves the link. Versions below 13.3.1 (including 12.x) are impacted; a fix is available in 13.3.1. If upgrading is no...

CVSS 7.1 · AI score 6.5 · EPSS 0.00445
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE · added 2023/02/22 4:59 a.m. · 53 views

CVE-2022-23713

A cross-site scripting (XSS) vulnerability was found in the Vega Charts Kibana integration. This issue could allow arbitrary JavaScript to be executed in a victim's browser...

CVSS 6.1 · AI score 2.9 · EPSS 0.00695
Exploits: 0 · References: 4
Positive Technologies · added 2023/02/22 12:00 a.m. · 7 views

PT-2023-19942 · Misskey · Misskey

Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 13.5.0. Description: Misskey is an open source, decentralized social media platform. The link to the instance of the sender that appears when viewing a user or note received through ActivityPub is not properly validat...

CVSS 7.1 · AI score 6.3 · EPSS 0.00429
Exploits: 0 · References: 4