Astra Linux – Vulnerability in LibreOffice

Unchecked script execution in the “Graphic on-click binding” mechanism in affected LibreOffice versions allows an attacker to create a document that will execute scripts built into LibreOffice upon clicking a graphic, without any prompts. These scripts were previously considered trusted, but now...

PT-2024-10987 · Opentext · Opentext Imanager

Name of the Vulnerable Software and Affected Versions: OpenText iManager version 3.2.4.0000 Description: A Possible Reflected Cross-Site Scripting XSS issue has been discovered in iManager. This issue may allow for malicious script execution. Recommendations: For OpenText iManager version...

CVE-2024-52309

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

CVE-2024-52309 SFTPGo allows administrators to restrict command execution from the EventManager

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

CVE-2024-52309 SFTPGo allows administrators to restrict command execution from the EventManager

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

PT-2024-35169 · Sftpgo · Sftpgo

Name of the Vulnerable Software and Affected Versions: SFTPGo versions prior to 2.6.3 Description: SFTPGo has a feature that allows the EventManager to execute scripts or run applications in response to certain events. However, any SFTPGo administrator with permission to run a script has access t...

CVE-2024-48535

A stored cross-site scripting XSS vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

PT-2024-34786 · Seo Free · Seo Free

Name of the Vulnerable Software and Affected Versions: Seo Free versions n/a through 1.4 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also stor...

CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

CVE-2024-48068

CVE-2024-48068 concerns a cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co., LTD Landray EKP v16 and earlier. The issue allows an attacker to execute arbitrary web scripts or HTML via a crafted payload. Affected product: Landray EKP v16 and earlier (Office automation solut...

FitNesse 安全漏洞

FitNesse is a fully integrated standalone acceptance testing framework and wiki open-sourced by Robert C. Martin. A security vulnerability exists in versions prior to FitNesse 20241026, which stems from the presence of a cross-site scripting vulnerability that could allow an attacker to execute...

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group,...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...

Kashipara E-learning Management System 跨站脚本漏洞

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A cross-site scripting vulnerability exists in Kashipara E-learning Management System version 1.0, which is rooted in a stored cross-site scripting attack that allows remote attackers to execute arbitrary...

Salt 安全漏洞

Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. Salt has a security vulnerability that stems from the Salt-SSH preflight option copying scripts to predictable paths to the target, which allows an attacker to forc...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Create User process, which involves uploading a profile image. An attacker can exploit this by uploading a malicious SVG file containing a maliciously crafted script, which executes when the profile...

PT-2024-34473 · Unknown · Ferozo Webmail

Name of the Vulnerable Software and Affected Versions: Ferozo Webmail version 1.1 Description: A Cross-Site Scripting XSS issue allows attackers to execute arbitrary scripts. Recommendations: For Ferozo Webmail version 1.1, at the moment, there is no information about a newer version that contain...

IBM Maximo Asset Management 跨站脚本漏洞

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

Online Shopping Portal dom_data.php file cross-site scripting vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of file...