Glassdoor: █████████eflected █████████████████ Vulnerability in Glassdoor Blog ███earch
A reflected cross-site scripting vulnerability was discovered in the Glassdoor blog search functionality. The vulnerability was remediated by strengthening input validation and output encoding...
PT-2024-6017 · Microsoft · Windows App Installer
Name of the Vulnerable Software and Affected Versions: Windows App Installer affected versions not specified Description: The issue is related to a lack of proper output encoding or escaping mechanism in the Microsoft App Installer, which can be exploited to conduct spoofing attacks using a...
The vulnerability in the web interface of a Git-based software platform for collaborative code development on GitLab allows a perpetrator to influence the integrity of the protected information.
The vulnerability of the Git-based software platform’s web interface for collaborative code development on GitLab is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a malicious actor to influence the integrity of the protected...
CVE-2024-6329 Improper Encoding or Escaping of Output in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...
PT-2024-5513 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.16 through 17.0.6 GitLab CE/EE versions 17.1 through 17.1.4 GitLab CE/EE versions 17.2 through 17.2.2 Description: The issue causes the web interface to fail to render the diff correctly when the path is encoded. This ...
U.S. Dept Of Defense: HTML Injection into https://www.██████.mil
HTML Injection vulnerability was identified on the website www.██████.mil. The vulnerability allowed attackers to inject malicious HTML code, which could have compromised the security and integrity of the website. Input validation and output encoding were recommended as mitigations to prevent suc...
SAP NetWeaver Application Server Cross-Site Scripting Vulnerability (CNVD-2024-35657)
SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP Platform, which stems from a lack of input validation and output encoding of untrusted data, and can be exploited by an unauthenticated...
CVE-2024-32733
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify...
CVE-2024-32733 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify...
PT-2024-24819 · Sap · Abap Platform +1
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP and ABAP Platform versions prior to 796 Description: The issue is caused by missing input validation and output encoding of untrusted data, allowing an unauthenticated attacker to inject malicious...
The vulnerability of the JsonErrorReportValve class in the Apache Tomcat application server allows an attacker to influence the integrity of the protected information.
The vulnerability of the JsonErrorReportValve class in the Apache Tomcat application server is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker to influence the integrity of the protected information...
Dolibarr Application Home Page has HTML injection vulnerability
Summary Observed a HTML Injection vulnerability in the Home page of Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application's response. Specifically, I was able to successfully inject a new HTML tag into the...
CVE-2024-31868
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...
The vulnerability of the FOXMAN-UN and UNEM software for managing and monitoring networks and equipment lies in the lack of mechanisms for encoding or shielding sensitive outputs, allowing attackers to access confidential data.
The vulnerability of the FOXMAN-UN and UNEM network and equipment management and monitoring software lies in the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
Automattic: DOM XSS on multiple Automattic domains through postMessages
A DOM XSS vulnerability was found on widgets.wp.com allowing injection of scripts into the DOM. This was combined with a vulnerability in the Jetpack WordPress plugin where postMessages from widgets.wp.com were used to populate avatar URLs without validation, leading to DOM XSS on WordPress sites...
Cross site scripting
Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Version 18.0.4 has an HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendere...
CVE-2024-23817
Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Version 18.0.4 has an HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendere...
UBUNTU-CVE-2024-23817
Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Version 18.0.4 has an HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendere...
CVE-2024-23817 Dolibarr Application Home Page HTML injection vulnerability
Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Version 18.0.4 has an HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendere...