Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-37807)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-37806)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

The vulnerability of the Calltouch analytics service lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary scripts.

The vulnerability of the Calltouch analytics service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts remotely...

CVE-2024-44793

A cross-site scripting XSS vulnerability in the component /managers/multiplefreeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents parameter...

CVE-2024-38859

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 EOL allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by...

CVE-2024-38859

CVE-2024-38859 is a cross-site scripting (XSS) vulnerability in Checkmk. It affects view pages with the SLA column when using Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47, or 2.0.0 (EOL). The root cause is injection of HTML elements into the SLA column title, enabling execution of scrip...

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

YznCMS Cross-Site Scripting Vulnerability (CNVD-2024-38192)

YznCMS is a backend development framework. A cross-site scripting vulnerability exists in YznCMS version 1.4.2, which stems from the lack of effective filtering and escaping of user-supplied data in the component /index/index.html, and can be exploited by an attacker to execute arbitrary Web scri...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Mini Inventory and Sales Management System 安全漏洞

Mini Inventory and Sales Management System is a small inventory and sales management system written in PHP CodeIgniter framework that supports MySQL and Sqlite3 databases. A security vulnerability exists in Mini Inventory and Sales Management System. An attacker can exploit this vulnerability to...

ZZCMS content parameter cross-site scripting vulnerability

ZZCMS is a content management system CMS by the ZZCMS team in China. A cross-site scripting vulnerability exists in ZZCMS v2023, which originates from the lack of effective filtering and escaping of user-supplied data in the content parameter of /user/askedit.php?action=add, which can be exploite...

CVE-2024-6379

A reflected Cross-site Scripting XSS vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 OpenSSH Vulnerability Mitigation Script Over...

The vulnerability of the sysinfo.cgi script implemented in the Webmin hosting control panel allows a hacker to execute arbitrary scripts.

The vulnerability in the sysinfo.cgi script of the Webmin hosting panel exists because measures are not taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts remotely...

SUSE CVE-2024-22116

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...

Cross-site Scripting (XSS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the processing of user-supplied input in form fields. A low-privileged attacker attacker can execute arbitrary JavaScript in the context of a...