VulnCheck KEV: CVE-2024-37383

RoundCube Webmail contains a cross-site scripting XSS vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code...

Palo Alto Networks Expedition 安全漏洞

Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker exploiting this vulnerability could execute malicious JavaScript in a user's browser...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

Cross-site Scripting (XSS)

Contao is vulnerable to stored Cross-site Scripting XSS. The vulnerability is due to improper validation of SVG file uploads, allowing an authenticated admin to upload a file containing malicious JavaScript that can be executed when accessed through the website...

Duplicate Advisory: Contao allows admin an account to upload SVG file containing malicious JavaScript

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vqqr-fgmh-f626. This link is maintained to preserve external references. Original Description Contao 5.4.1 allows an authenticated admin account to upload a SVG file containing malicious javascript code into the...

GHSA-HXPP-G76M-QHVG October allows an admin account to upload PDF containing malicious JavaScript

October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting XSS attack or execute arbitrary code via a crafted JavaScript to the target...

October allows an admin account to upload PDF containing malicious JavaScript

October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting XSS attack or execute arbitrary code via a crafted JavaScript to the target...

CVE-2024-45962

CVE-2024-45962 affects October CMS 3.6.30. An authenticated admin can upload a PDF containing malicious JavaScript; when accessed via the website this can lead to XSS or potential arbitrary code execution in the target. No fixed version is published in the provided documents. Remediation guidance...

LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Devic...

SAP NetWeaver Application Server Cross-Site Scripting Vulnerability (CNVD-2024-49629)

SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server that originates from insufficient input validation and can be exploited by an unauthenticated attacker to create URL links that can embed...

CVE-2024-45279 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)

Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim'...

CVE-2024-45279 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)

Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim'...

CVE-2024-45279

CVE-2024-45279 affects the SAP NetWeaver Application Server for ABAP, specifically the CRM Blueprint Application Builder Panel. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insufficient input validation that enables an unauthenticated attacker to craft a URL embedding malicio...

Cross-site Scripting (XSS)

automad/automad is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient input sanitization, allowing an attacker to inject malicious JavaScript code into the template body, which is then stored in the CMS and executed in the browser of any user visiting the forum...

CVE-2024-40111

A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

CVE-2024-40111

A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

CVE-2024-41841

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVE-2024-40111

A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

CVE-2024-40111

CVE-2024-40111 describes a stored XSS in Automad 2.0.0-alpha.4. The vulnerability lets an attacker inject JavaScript into the template body which is saved by the flat-file CMS and executed in the browser of any user visiting the page (e.g., forum). Practical impact stated across sources includes ...

CVE-2024-37392

A stored Cross-Site Scripting XSS vulnerability has been identified in SMSEagle software version 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SM...