6714 matches found
Kashipara E-learning Management System Cross-Site Scripting Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara Inc. A cross-site scripting vulnerability exists in Kashipara E-learning Management System version 1.0, which is rooted in a stored cross-site scripting attack that allows remote attackers to execute arbitrary...
Salt Security Vulnerability
Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. Salt has a security vulnerability that stems from the Salt-SSH preflight option copying scripts to predictable paths to the target, which allows an attacker to forc...
Kashipara E-learning Management System Security Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Create User process, which involves uploading a profile image. An attacker can exploit this by uploading a malicious SVG file containing a maliciously crafted script, which executes when the profile...
PT-2024-34473 · Unknown · Ferozo Webmail
Name of the Vulnerable Software and Affected Versions: Ferozo Webmail version 1.1. Description: A Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary scripts. Recommendations: For Ferozo Webmail version 1.1, at the moment, there is no information about a newer version that contain...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
Online Shopping Portal dom_data.php file cross-site scripting vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of file...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Online Shopping Portal /admin/assets Cross-Site Scripting Vulnerability
Online Shopping Portal is an online store. Online Shopping Portal suffers from a cross-site scripting vulnerability that originates from the parameter scripts in file /admin/assets/plugins/DataTables/media/unittesting/templates/complexheader2.php that is not validly filtered and escaped by...
CVE-2024-20511
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o...
ChuanhuChatGPT Security Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT version 20240802 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escapin...
CVE-2024-51492
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...
CVE-2024-51492
CVE-2024-51492 affects Zusam prior to 0.5.6. A specially crafted SVG uploaded as an image enables stored XSS with unrestricted script execution on image load, potentially exfiltrating the user’s long‑lived session token/API key (valid indefinitely unless rotated). Version 0.5.6 fixes the vulnerab...
PT-2024-34656 · Zusam · Zusam
Name of the Vulnerable Software and Affected Versions: Zusam versions prior to 0.5.6. Description: The issue allows for unrestricted script execution on image load when specially crafted SVG files are uploaded to the service. This can lead to the theft of a target user's long-lived session token,...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2024-43209)
Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2024-43205)
Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...
PHPGurukul Doctor Appointment Management System Security Vulnerability
Doctor Appointment Management System is a doctor appointment management system. Doctor Appointment Management System suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...
Cross-site Scripting (XSS)
Overview: lollms is a Python library for AI personality definition. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the sanitizesvg function. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into a...
GHSA-W7HQ-F2PJ-C53G pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
Summary: The folder /.pyload/scripts has scripts which are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...
JetBrains YouTrack Cross-Site Scripting Vulnerability
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a cross-site scripting...