SUSE CVE-2011-1696

Cross-site scripting XSS vulnerability in Novell Identity Manager aka IDM User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the...

SUSE CVE-2014-3169

Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notificatio...

SUSE CVE-2017-15706

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...

SUSE CVE-2018-8024

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the...

SUSE CVE-2020-6806

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.6, Firefox 74, Firefox ESR68.6...

SUSE CVE-2020-10174

inittmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this...

SUSE CVE-2021-32719

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmqfederationmanagement plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...

SUSE CVE-2021-38503

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

SUSE CVE-2022-28284

SVG's use element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with...

SUSE CVE-2022-29911

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

SUSE CVE-2022-34475

SVG use tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

JSA10377 - Pulse Policy Secure (PPS): Cross-Site Scripting Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Older software versions of Policy Secure are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute an arbitrary script. This issue is caused by ...

Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G

Overview Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G provided by PLANEX COMMUNICATIONS INC. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-22370 Cross-site request forgery CWE-352 - CVE-2023-22375 Reflected cross-site scripting CWE-79 -...

CVE-2023-24234

A stored cross-site scripting XSS vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...

CVE-2023-24233

A stored cross-site scripting XSS vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...

Inventory Management System 跨站脚本漏洞

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...

Inventory Management System 跨站脚本漏洞

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...

CVE-2023-24234

CVE-2023-24234 affects Inventory Management System v1, specifically the php-inventory-management-system/brand.php component. The vulnerability is a stored XSS that allows an attacker to inject arbitrary web scripts or HTML via the Brand Name parameter. Reported impact is execution of scripts with...

CVE-2023-24322

A reflected cross-site scripting XSS vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters...