Cross Site Scripting(XSS)

craftcms/cms is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to insufficient input sanitization in the breadcrumb list and title fields, allowing user-provided input to be stored without proper validation or encoding, which then executes malicious scripts when displayed...

CVE-2024-45625

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator...

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

MAL-2024-12238 Malicious code in cobo-custdy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cd0d754c7d09b395a490411bfdba9006309e5227c634e9946f4612de907de0d0 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...

Indico 安全漏洞

Indico is a feature-rich event management system from Indico Open Source. A security vulnerability exists in Indico versions prior to 3.3.4 that stems from insufficient validation of input when redirecting to nextURL during account creation, which could lead to the execution of malicious scripts...

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

CVE-2024-8004

A stored Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

Dassault Systèmes 3DEXPERIENCE 安全漏洞

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE versions R2023x through R2024x, which stems from susceptibility to a stored cross-site scripting attack that allows an attacker to...

Halo 安全漏洞

Halo is a powerful and easy-to-use open source website builder from Halo Open Source. A security vulnerability exists in Halo versions prior to 2.17.0. An attacker exploited the vulnerability to execute malicious scripts in a user's browser via specific HTML and JavaScript code...

Dassault Systèmes 3DEXPERIENCE 跨站脚本漏洞

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes 3DEXPERIENCE version R2024x, which stems from susceptibility to a stored cross-site scripting attack that allows an attacker to...

Dassault Systèmes 3DEXPERIENCE 安全漏洞

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE versions R2022x through R2024x, which stems from susceptibility to a stored cross-site scripting attack that allows an attacker to...

CVE-2024-42412

Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser...

CVE-2024-34577

Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser...

CVE-2024-44716

A cross-site scripting XSS vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Kashipara Hotel Management System Cross-Site Scripting Vulnerability

Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Hotel Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the useremail parameter of...

CVE-2024-6449

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

CVE-2024-6449 Arbitrary cross-domain file inclusion in HyperView Geoportal Toolkit

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

CVE-2024-6449 Arbitrary cross-domain file inclusion in HyperView Geoportal Toolkit

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2024-37810)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...