2179 matches found
CVE-2022-47373
Reflected cross-site scripting in the search functionality of the Module Library in Pandora FMS Console v766 and lower. This vulnerability arises in the forget password functionality, in which the username parameter does not undergo proper input validation/sanitization, thus resulting in the execution of malicious JavaScript...
UBUNTU-CVE-2022-47373
Reflected cross-site scripting in the search functionality of the Module Library in Pandora FMS Console v766 and lower. This vulnerability arises in the forget password functionality, in which the username parameter does not undergo proper input validation/sanitization, thus resulting in the execution of malicious JavaScript...
SUSE CVE-2020-1766
Due to improper handling of uploaded images, it is possible in very unlikely and rare conditions to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as an inline JPG file. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior...
SUSE CVE-2022-23707
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious JavaScript into the index pattern, which could execute against other users...
Pandora FMS Console Cross-Site Scripting Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. Pandora is an analytics framework used to find out if a file is suspicious or not and display the results easily. A securit...
Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!
Malicious actors have published more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to infect developer systems with clipper malware. Software supply chain security company Phylum, which spotted the libraries, said the ongoing activity is a...
Cross-site Scripting (XSS)
backdrop/backdrop is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the lack of validation of the HTML elements when adding a post, which allows an admin-authenticated attacker to inject and execute malicious JavaScript when a user views a post...
Cross-site Scripting (XSS)
eta is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in file-handlers.ts due to improper sanitization of user input from the Express API, allowing an attacker to inject and execute malicious JavaScript...
Cross-Site Scripting (XSS)
microweber/microweber is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Cross-site Scripting (XSS)
jenkins-2-plugins is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library does not properly escape the descriptions of test results, allowing an attacker with Run/Update permission to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
dompurify is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript via nested headlines...
Cross-site Scripting (XSS)
vova07/yii2-fileapi-widget is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript via the vulnerable run function in UploadAction.php...
Cross-site Scripting (XSS)
djangoucamlookup is vulnerable to Cross-Site Scripting (XSS) attacks. The invocation of jQuery select2 to provide searchable dropdowns does not sanitize data coming from the lookup, allowing an attacker to inject and execute malicious JavaScript through the formatResult function of the component Lookup...
Cross-site Scripting (XSS)
xataface is vulnerable to cross-site scripting. The vulnerability exists in installform.js.php due to a lack of sanitization of the PHP elements, which allows an attacker to inject and execute malicious JavaScript...
CVE-2022-40983
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. The target application would need to access a malicious web page t...
Cross-site Scripting (XSS)
util-varexport is vulnerable to cross-site scripting. The vulnerability exists in the multiple functions of ViewExportedVariablesServlet.java as it does not properly escape the n-gram indexes in JSON before being rendered, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization in the index.ts file, which allows an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
trafficserver is vulnerable to improper input validation. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored cross-site scripting (XSS) attacks. The vulnerability exists due to unchecked file uploads via the Resource endpoint, allowing an attacker to inject and execute malicious JavaScript...