Adobe Connect <= 11.4.7 Multiple Vulnerabilities (APSB24-99)

The version of Adobe Connect installed on the remote host is prior to 11.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-99 advisory. - Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that coul...

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...

Cross-site Scripting (XSS)

Overview mojo42/jirafeau is a provides a simple way to upload a file. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the manipulation of MIME types during the upload process. An attacker can execute scripts in the context of the user's browser session. Details...

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Display Name parameter. An attacker can execute arbitrary web scripts or HTML by...

CVE-2024-50677

A cross-site scripting XSS vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

CVE-2024-50677

CVE-2024-50677 describes a cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 where an attacker can inject a crafted payload into the Search parameter to execute arbitrary web scripts or HTML. The root cause is improper handling/validation of user input in the search functionality, ...

CVE-2024-50677

A cross-site scripting XSS vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53470

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/gatewaypagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53470

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/gatewaypagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

Veeam Backup and Replication 12.x < 12.3.0.310 Multiple Vulnerabilities (December 2024) (KB4693)

The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.3.0.310. It is, therefore, affected by multiple vulnerabilities, including: - A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server...

CVE-2024-53470

CVE-2024-53470 involves multiple stored XSS vulnerabilities in WeGIA v3.2.0, specifically in the component /configuracao/gateway_pagamento.php. The issue allows injection of arbitrary web scripts or HTML via the id or name parameter, with the root cause identified as stored XSS. The provided docu...

Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Summary The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerabilit...

Oracle Linux 9 : tuned (ELSA-2024-10384)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-10384 advisory. - Fixed privileged execution of arbitrary scripts by active local user, CVE-2024-52336 Resolves: RHEL-66639 Tenable has extracted the preceding...