CVE-2023-38215 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-38214 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-29306 Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution
Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...
CVE-2023-4294
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link...
Design/Logic Flaw
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link...
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
Technical Analysis by: Thomas Elkins, Natalie Zargarov Contributions: Evan McCann, Tyler McGraw Recently, Rapid7 observed the Fake Browser Update lure tricking users into executing malicious binaries. While analyzing the dropped binaries, Rapid7 determined a new loader is utilized in order to...
URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header
Description: The plugin does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link. PoC: 1. Add a new shortened link in the interface...
CVE-2023-22843
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule. Via stored...
Cross-site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to bootstrap.php accepting HTML files as an upload, which allows an attacker to inject and execute malicious JavaScript in the browser...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of user input sanitization in the library, which allows an attacker to inject and execute malicious JavaScript through a maliciously crafted merge request...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the project settings page, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). An attacker can inject and execute malicious JavaScript through the email address for certain instances...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to improper validation in the ipynb files of the library, which allows an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the Flavored Markdown in the library, which allows an attacker to inject and execute malicious JavaScript...
Cross-Site Scripting (XSS)
gitlab is vulnerable to Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to a flaw in the way that GitLab handles guest user permissions. An attacker can exploit this vulnerability to inject and execute malicious JavaScript in the victim's browser...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). An attacker can inject and execute malicious JavaScript through a maliciously crafted default branch name...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). An attacker can inject and execute malicious JavaScript through a merge request with a maliciously crafted branch name...
Cross-Site Scripting (XSS)
gitlab is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape user inputs before they are output to the front end when creating new abuse reports, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Cross-Site Scripting (XSS)
github.com/answerdev/answer is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape user input while adding a new comment, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Cross-Site Scripting (XSS)
github.com/answerdev/answer is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user input inserted through the sitename parameter before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in a victim's browser...