CVE-2024-21686

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview CWE-79. Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary script may be...

VulnCheck KEV: CVE-2016-4945

Cross-site scripting XSS vulnerability in vpn/js/gatewayloginformview.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSCTMAC cookie...

CVE-2024-39915

Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application...

Broadcom Symantec Privileged Access Management 安全漏洞

Broadcom Symantec Privileged Access Management Broadcom Symantec PAM is a security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...

PT-2025-31574 · Intelbras · Intelbras Rx3000 +1

Name of the Vulnerable Software and Affected Versions: Intelbras RX1500 version 2.2.9 Intelbras RX3000 version 1.0.11 Description: A cross-site scripting XSS issue exists in Intelbras RX1500 version 2.2.9 and RX3000 version 1.0.11. This allows attackers to execute arbitrary web scripts or HTML by...

LibreOffice Unchecked Script Execution Vulnerability (Jul 2024) - Mac OS X

LibreOffice is prone to an unchecked script execution vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

LibreOffice Unchecked Script Execution Vulnerability (Jul 2024) - Windows

LibreOffice is prone to an unchecked script execution vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

LibreOffice Unchecked Script Execution Vulnerability (Jul 2024) - Linux

LibreOffice is prone to an unchecked script execution vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2024-36453

Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...

CVE-2024-36450

Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may b...

CVE-2024-36453

Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...

CVE-2024-40738

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/id/edit/...

CVE-2024-40739

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add...

CVE-2024-40734

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/...

CVE-2024-40726

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/id/edit/...

Updated apache packages fix security vulnerabilities

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. CVE-2024-36387 Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encodin...

Server Side Request Forgery (SSRF)

Apache HTTP Server 2.4.59 is vulnerable to SSRF. The vulnerability is due to a missing validation in response headers leading to information disclosure, SSRF or local script execution via backend applications which have malicious or exploitable header...

Multiple vulnerabilities in multiple Webmin products

Overview Multiple Webmin products contain multiple vulnerabilities listed below. sysinfo.cgi is vulnerable to cross-site scripting CWE-79 CVE-2024-36450 sessionlogin.cgi is vulnerable to cross-site scripting CWE-79 CVE-2024-36453 ajaxterm module is vulnerable to improper handling of insufficient...

CVE-2024-40740

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/id/edit/...