2179 matches found

Vulnrichment
added 2024/10/12 2:05 a.m. | 9 views

CVE-2024-9592 Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options

The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgc_plugin_options' function. This makes it possible for unauthenticated attackers to update the...

CVSS 6.1 | AI score 6.6 | EPSS 0.00103
Exploits: 0 | References: 2

NVD
added 2024/10/10 10:15 a.m. | 19 views

CVE-2024-45123

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context...

CVSS 6.1 | EPSS 0.00426
Exploits: 0 | References: 1

CNNVD
added 2024/10/10 12:00 a.m. | 2 views

Adobe Commerce Cross-Site Scripting Vulnerability

Adobe Commerce is a globally leading, business- and brand-oriented digital commerce solution from the US company Adobe. Adobe Commerce suffers from a cross-site scripting vulnerability that can be exploited by an attacker to say that accessing a URL that references a...

CVSS 6.1 | AI score 6 | EPSS 0.00426
Exploits: 0 | References: 3

CNNVD
added 2024/10/09 12:00 a.m. | 2 views

Palo Alto Networks Expedition Security Vulnerability

Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker exploiting this vulnerability could execute malicious JavaScript in a user's browser...

CVSS 7 | AI score 6.8 | EPSS 0.00645
Exploits: 0 | References: 2

VulnCheck KEV
added 2024/10/09 12:00 a.m. | 4 views

VulnCheck KEV: CVE-2024-37383

RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code...

CVSS 6.1 | AI score 5.7 | EPSS 0.73296
Exploits: 5 | References: 1

CNNVD
added 2024/10/07 12:00 a.m. | 2 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

CVSS 5.4 | AI score 6.2 | EPSS 0.00365
Exploits: 0 | References: 2

Veracode
added 2024/10/03 11:32 a.m. | 4 views

Cross-site Scripting (XSS)

Contao is vulnerable to stored Cross-site Scripting (XSS). The vulnerability is due to improper validation of SVG file uploads, allowing an authenticated admin to upload a file containing malicious JavaScript that can be executed when accessed through the website...

CVSS 6.4 | AI score 6 | EPSS 0.0031
Exploits: 1 | References: 3 | Affected Software: 1

Github Security Blog
added 2024/10/02 9:30 p.m. | 15 views

Duplicate Advisory: Contao allows an admin account to upload SVG file containing malicious JavaScript

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-vqqr-fgmh-f626. This link is maintained to preserve external references. Original Description: Contao 5.4.1 allows an authenticated admin account to upload an SVG file containing malicious JavaScript code into the...

CVSS 6.4 | AI score 6 | EPSS 0.0031
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/10/02 9:30 p.m. | 10 views

GHSA-HXPP-G76M-QHVG October allows an admin account to upload PDF containing malicious JavaScript

October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target...

CVSS 4.8 | AI score 4.7 | EPSS 0.00467
Exploits: 1 | References: 3

Github Security Blog
added 2024/10/02 9:30 p.m. | 18 views

October allows an admin account to upload PDF containing malicious JavaScript

October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target...

CVSS 4.7 | AI score 6.2 | EPSS 0.00467
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2024/10/02 12:00 a.m. | 49 views

CVE-2024-45962

CVE-2024-45962 affects October CMS 3.6.30. An authenticated admin can upload a PDF containing malicious JavaScript; when accessed via the website this can lead to XSS or potential arbitrary code execution in the target. No fixed version is published in the provided documents. Remediation guidance...

CVSS 4.7 | AI score 6 | EPSS 0.00467
Exploits: 1 | References: 1 | Affected Software: 1

Github Security Blog
added 2024/10/01 8:31 p.m. | 15 views

LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name

Summary: The application fails to sanitize inputs properly and renders code from user input in the browser, which allows an attacker to execute malicious JavaScript code. Details: A user with the Admin role can create Device Groups; the application did not properly sanitize the user input in the Devic...

CVSS 7.2 | AI score 7.1 | EPSS 0.005
Exploits: 1 | References: 4 | Affected Software: 1

CNVD
added 2024/09/18 12:00 a.m. | 5 views

SAP NetWeaver Application Server Cross-Site Scripting Vulnerability (CNVD-2024-49629)

SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server that originates from insufficient input validation and can be exploited by an unauthenticated attacker to create URL links that can embed...

CVSS 6.1 | AI score 6.3 | EPSS 0.00255
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/10 4:29 a.m. | 11 views

CVE-2024-45279 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)

Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim'...

CVSS 6.1 | AI score 6.8 | EPSS 0.00255
Exploits: 0 | References: 2

CVE
added 2024/09/10 4:29 a.m. | 37 views

CVE-2024-45279

CVE-2024-45279 affects the SAP NetWeaver Application Server for ABAP, specifically the CRM Blueprint Application Builder Panel. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insufficient input validation that enables an unauthenticated attacker to craft a URL embedding malicio...

CVSS 6.1 | AI score 6.1 | EPSS 0.00255
Exploits: 0 | References: 2

Cvelist
added 2024/09/10 4:29 a.m. | 14 views

CVE-2024-45279 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)

Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim'...

CVSS 6.1 | EPSS 0.00255
Exploits: 0 | References: 2

Veracode
added 2024/08/26 7:12 a.m. | 22 views

Cross-site Scripting (XSS)

automad/automad is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization, allowing an attacker to inject malicious JavaScript code into the template body, which is then stored in the CMS and executed in the browser of any user visiting the forum...

CVSS 4.8 | AI score 6.5 | EPSS 0.00769
Exploits: 2 | References: 4 | Affected Software: 1

OSV
added 2024/08/23 9:15 p.m. | 1 views

CVE-2024-40111

A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

CVSS 4.8 | AI score 5.6 | EPSS 0.00769
Exploits: 2 | References: 2

NVD
added 2024/08/23 9:15 p.m. | 27 views

CVE-2024-40111

A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

CVSS 4.8 | EPSS 0.00769
Exploits: 2 | References: 2

OSV
added 2024/08/23 5:15 p.m. | 3 views

CVE-2024-41841

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 1