2179 matches found

Cvelist
added 2024/08/23 12:0 a.m. · 24 views

CVE-2024-40111

A persistent stored cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

EPSS 0.00769
Exploits 2 · References 2
Cvelist
added 2024/08/23 12:0 a.m. · 42 views

CVE-2024-37392

A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SM...

EPSS 0.00239
Exploits 0 · References 1
CVE
added 2024/08/23 12:0 a.m. · 71 views

CVE-2024-40111

CVE-2024-40111 describes a stored XSS in Automad 2.0.0-alpha.4. The vulnerability lets an attacker inject JavaScript into the template body which is saved by the flat-file CMS and executed in the browser of any user visiting the page (e.g., forum). Practical impact stated across sources includes ...

CVSS 4.8 · AI score 5.3 · EPSS 0.00769
Exploits 2 · References 2 · Affected Software 1
CVE
added 2024/08/16 12:0 a.m. · 47 views

CVE-2024-43006

ZZCMS2023 contains a stored XSS in /user/ask_edit.php?action=add via the content parameter. When an attacker injects JavaScript in content and a user loads ask/show_{newsid}.html, the script runs in the user’s browser, potentially stealing cookies or session tokens. Affected component: ZZCMS2023,...

CVSS 5.4 · AI score 5.6 · EPSS 0.00228
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2024/08/16 12:0 a.m. · 7 views

Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2024-44532)

Adobe Commerce, from the United States company Adobe, is a global leader in digital commerce solutions for businesses and brands. A cross-site scripting vulnerability exists in Adobe Commerce that can be exploited by an attacker to execute malicious JavaScript in a browser...

CVSS 7.6 · AI score 6.1 · EPSS 0.0049
Exploits 0 · References 1
CNNVD
added 2024/08/14 12:0 a.m. · 2 views

Adobe Commerce Cross-Site Scripting Vulnerability

Adobe Commerce, from the United States company Adobe, is a global leader in digital commerce solutions for businesses and brands. A cross-site scripting vulnerability exists in Adobe Commerce that can be exploited by an attacker to execute malicious JavaScript in a browser...

CVSS 7.6 · AI score 6.2 · EPSS 0.0049
Exploits 0 · References 3
OSV
added 2024/08/12 3:15 p.m. · 3 views

CVE-2024-33533

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2
CVE
added 2024/08/07 11:19 p.m. · 61 views

CVE-2024-6892

Summary of CVE-2024-6892 (Journyx Reflected XSS). Affected product: Journyx (jtime) version 11.5.4. Root cause: Reflected cross-site scripting caused by unsanitized/reflected error_description parameter in the active directory login flow, which can be set via the URL and reflected in the page resp...

CVSS 6.1 · AI score 7 · EPSS 0.00713
Exploits 2 · References 2 · Affected Software 1
Positive Technologies
added 2024/07/31 12:0 a.m. · 4 views

PT-2024-5620 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.21; XWiki Platform versions prior to 15.5.5; XWiki Platform versions prior to 15.10.6; XWiki Platform versions prior to 16.0.0. Description: The issue is related to the execution of malicious JavaScript code...

CVSS 8.7 · AI score 7.3 · EPSS 0.14803
Exploits 1 · References 19
CNNVD
added 2024/07/26 12:0 a.m. · 5 views

Tracks Security Vulnerability

Tracks is an open source GTD-compatible web application built with Ruby on Rails by TracksApp. A security vulnerability exists in Tracks versions prior to 2.7.1. An attacker can exploit the vulnerability to execute malicious JavaScript in a user's browser environment, which could lead to a credenti...

CVSS 6.1 · AI score 6.7 · EPSS 0.00381
Exploits 0 · References 5
OSV
added 2024/07/24 4:15 a.m. · 4 views

CVE-2024-3246

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScrip...

CVSS 5.4 · AI score 5.6 · EPSS 0.00167
Exploits 0 · References 2
Vulnrichment
added 2024/07/24 3:17 a.m. · 21 views

CVE-2024-3246 LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScrip...

CVSS 6.1 · AI score 6.2 · EPSS 0.00167
Exploits 0 · References 2
Cvelist
added 2024/07/24 3:17 a.m. · 33 views

CVE-2024-3246 LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScrip...

CVSS 6.1 · EPSS 0.00167
Exploits 0 · References 2
NVD
added 2024/07/16 5:15 p.m. · 17 views

CVE-2024-40626

Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other...

CVSS 7.3 · EPSS 0.00515
Exploits 1 · References 1
OSV
added 2024/07/16 9:15 a.m. · 3 views

CVE-2024-1937

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updateitem' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to...

CVSS 6.5 · AI score 5.9 · EPSS 0.00365
Exploits 0 · References 2
NVD
added 2024/07/16 9:15 a.m. · 24 views

CVE-2024-1937

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updateitem' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to...

CVSS 7.1 · EPSS 0.00365
Exploits 0 · References 2
CVE
added 2024/07/16 8:32 a.m. · 92 views

CVE-2024-1937

CVE-2024-1937 (Brizy – Page Builder for WordPress) affects Brizy up to version 2.4.44. The vulnerability is caused by a missing capability check in the update_item function, allowing authenticated attackers with contributor access and above to modify content of arbitrary published posts, includin...

CVSS 7.1 · AI score 6.8 · EPSS 0.00365
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/07/15 12:0 a.m. · 4 views

PT-2024-24310 · Stormshield · Stormshield Network Security

Name of the Vulnerable Software and Affected Versions: Stormshield Network Security (SNS) versions 3.7.0 through 3.7.41; Stormshield Network Security (SNS) versions 3.10.0 through 3.11.29; Stormshield Network Security (SNS) versions 4.0 through 4.3.24; Stormshield Network Security (SNS) versions 4.4.0 throu...

CVSS 4.2 · AI score 7.2 · EPSS 0.00171
Exploits 0 · References 4
CNNVD
added 2024/07/11 12:0 a.m. · 4 views

Naver Whale Browser Security Vulnerability

Naver Whale Browser is a web browser from Naver, a South Korean company that supports user-defined interfaces. A security vulnerability exists in Naver Whale Browser versions prior to 3.26.244.21, which stems from improper cleanup when dealing with built-in extensions, allowing an attacker to...

CVSS 9.6 · AI score 6.9 · EPSS 0.0037
Exploits 0 · References 2
Positive Technologies
added 2024/07/11 12:0 a.m. · 4 views

PT-2024-28945 · Unknown · Whale Browser

Name of the Vulnerable Software and Affected Versions: Whale browser versions prior to 3.26.244.21. Description: The issue allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension. Recommendations: For versions prior to 3.26.244.21, updat...

CVSS 9.6 · AI score 7.4 · EPSS 0.0037
Exploits 0 · References 5