LocalAI 跨站请求伪造漏洞

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. LocalAI suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF tokens on the web server, which allows an attacker to host malicious JavaScript on a host that coul...

CVE-2024-2726

Stored Cross-Site Scripting Stored-XSS vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-21159)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-21161)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Cross-Site Scripting (XSS)

octoprint is vulnerable to Cross-Site Scripting XSS. The vulnerability due to improper input validation and sanitization of the webcam snapshot URL input field, which allows for the execution of malicious JavaScript code into the victim's browser...

CVE-2024-1785

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajaxhandler function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2024-1785 Contests by Rewards Fuel <= 2.0.62 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajaxhandler function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2024-1785 Contests by Rewards Fuel <= 2.0.62 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajaxhandler function. This makes it possible for unauthenticated attackers to update the plugin's...

Unspecified Vulnerability in Palo Alto Networks PAN-OS (CNVD-2024-20506)

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS. An attacker can exploit the vulnerability to execute malicious JavaScript...

Palo Alto Networks PAN-OS Cross-Site Scripting Vulnerability (CNVD-2024-20509)

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS. An attacker can exploit the vulnerability to execute malicious JavaScript...

CVE-2024-26124

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26107

Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVE-2024-26101

Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVE-2024-26103

Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVE-2024-26056

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Schneider Electric Easergy T200 Cross-Site Scripting Vulnerability

Schneider Electric Easergy T200 is an intelligent digital protection terminal from Schneider Electric France. It is mainly used for protection and control in power systems, helping to monitor and protect power equipment from faults and abnormal operations, thus ensuring the stable operation of th...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2015-10130

The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circlethumbnailsliderwithlightboximagemanagementfunc function. This makes it possible for unauthenticated attacke...

Team Circle Image Slider With Lightbox < 1.0.1 - Image Data Update via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the circlethumbnailsliderwithlightboximagemanagementfunc function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious...