
296 matches found

BDU FSTEC
added 2024/03/18 12:0 a.m. · 5 views

The vulnerability of the web-based collaboration tool for planning, creating, managing, and executing tests at all stages of the IBM Engineering Test Management cycle exists due to the lack of protective measures for the website structure. This allows attackers to execute arbitrary JavaScript code.

The vulnerability of the web-based collaboration tool for planning, creating, managing, and executing tests at all stages of the development cycle in IBM Engineering Test Management exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a...

CVSS 6.4 · AI score 6.9 · EPSS 0.00303
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/03/12 12:0 a.m. · 3 views

PT-2024-2601 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue exists due to inadequate protection of the web page structure in Adobe Experience Manager, allowing a remote attacker to execute arbitrary JavaScript code. This store...

CVSS 5.5 · AI score 6 · EPSS 0.00427
Exploits 0 · References 7

NVD
added 2024/02/28 10:15 p.m. · 10 views

CVE-2024-26450

An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing remote JavaScript. This...

CVSS 5.4 · AI score 6.1 · EPSS 0.00187
Exploits 0 · References 1

BDU FSTEC
added 2024/02/20 12:0 a.m. · 4 views

The vulnerability of the Captive Portal function in the PAN-OS operating system allows an intruder to execute arbitrary JavaScript code.

The vulnerability of the Captive Portal function in the PAN-OS operating system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

CVSS 5 · AI score 6.2 · EPSS 0.00379
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2024/02/14 12:0 a.m. · 6 views

The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

CVSS 9 · AI score 8 · EPSS 0.71143
Exploits 0 · References 4 · Affected Software 1

SUSE CVE
added 2024/02/09 3:3 a.m. · 4 views

SUSE CVE-2023-32193

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely...

CVSS 8.3 · AI score 7.3 · EPSS 0.00428
Exploits 0 · References 4

Positive Technologies
added 2023/12/27 12:0 a.m. · 9 views

PT-2023-28839

Name of the Vulnerable Software and Affected Versions: Shenzhen TCL Browser TV Web BrowseHere aka com.tcl.browser version 6.65.022 dab24cc6 231221 gp Description: The issue allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivit...

CVSS 9.8 · AI score 8.8 · EPSS 0.01059
Exploits 1 · References 6

Positive Technologies
added 2023/12/13 12:0 a.m. · 4 views

PT-2023-32634 · Alkacon · Opencms

Name of the Vulnerable Software and Affected Versions: Alkacon Software Open CMS versions 14 through 15 of the 'Mercury' template Description: A cross-site scripting (XSS) issue affects the software, allowing a remote attacker to send a specially crafted JavaScript payload to a victim, potentially...

CVSS 6.1 · AI score 6.1 · EPSS 0.01767
Exploits 0 · References 11

Positive Technologies
added 2023/12/13 12:0 a.m. · 4 views

PT-2023-32770 · Unknown · Amazing Little Poll

Name of the Vulnerable Software and Affected Versions: Amazing Little Poll versions 1.3 through 1.4 Description: The issue is a Stored XSS vulnerability that allows a remote attacker to store a malicious JavaScript payload in the "lp admin.php" file using the question and item parameters. This...

CVSS 6.5 · AI score 4.5 · EPSS 0.00654
Exploits 0 · References 6

ATTACKERKB
added 2023/11/28 1:15 p.m. · 4 views

CVE-2023-48042

Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code...

CVSS 6.1 · AI score 5.9 · EPSS 0.00494
Exploits 0 · References 4

OSV
added 2023/11/01 10:15 a.m. · 2 views

CVE-2023-1720

Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through...

CVSS 8 · AI score 6.2 · EPSS 0.0085
Exploits 1 · References 1

CNNVD
added 2023/10/18 12:0 a.m. · 4 views

Roundcube Webmail Cross-Site Scripting Vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.4.15, 1.5.5, and 1.6.4, which stems from a security issue in...

CVSS 6.1 · AI score 6.1 · EPSS 0.70879
Exploits 2 · References 18

OSV
added 2023/09/11 10:15 a.m. · 2 views

CVE-2023-3612

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending a URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...

CVSS 8.8 · AI score 5.8 · EPSS 0.00448
Exploits 0 · References 1

The Hacker News
added 2023/08/03 2:33 p.m. · 24 views

New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3

Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension...

AI score 7.3
Exploits 0

Positive Technologies
added 2023/07/15 12:0 a.m. · 6 views

PT-2023-19912 · Clevertap · Clevertap Cordova Plugin

Name of the Vulnerable Software and Affected Versions: CleverTap Cordova Plugin version 2.6.2 Description: The CleverTap Cordova Plugin does not correctly validate the data coming from deeplinks before using them, allowing a remote attacker to execute JavaScript code in any application that is...

CVSS 9.3 · AI score 6.9 · EPSS 0.00672
Exploits 1 · References 11

OSV
added 2023/07/12 8:15 a.m. · 0 views

UBUNTU-CVE-2023-32200

There are insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...

CVSS 8.8 · AI score 6.9 · EPSS 0.01324
Exploits 0 · References 5

ATTACKERKB
added 2023/06/27 6:15 p.m. · 8 views

CVE-2023-34835

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable deletefile parameter...

CVSS 5.4 · AI score 6.5 · EPSS 0.00629
Exploits 1 · References 2

CNNVD
added 2023/06/27 12:0 a.m. · 4 views

MicroWorld Technologies eScan Management Console Cross-Site Scripting Vulnerability

MicroWorld Technologies eScan Management Console is an eScan management console from MicroWorld Technologies, Inc. A cross-site scripting vulnerability exists in Microworld Technologies eScan Management console version v.14.0.1400.2281, which originates from a vulnerability that allows remote...

CVSS 5.4 · AI score 5.9 · EPSS 0.00629
Exploits 1 · References 2

OSV
added 2023/04/25 7:15 a.m. · 2 views

DEBIAN-CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

CVSS 5.4 · AI score 7.3 · EPSS 0.01324
Exploits 0 · References 1

Positive Technologies
added 2023/04/25 12:0 a.m. · 3 views

PT-2023-18612 · Apache +1 · Apache Jena +1

Name of the Vulnerable Software and Affected Versions: Apache Jena versions 3.7.0 through 4.8.0 Description: The issue is related to insufficient checking of user queries and restrictions of called script functions in Apache Jena, allowing a remote user to execute arbitrary javascript via a SPARQ...

CVSS 8.8 · AI score 7 · EPSS 0.01324
Exploits 0 · References 19