Mitel MiCollab Security Vulnerability
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A cross-site scripting vulnerability exists in Mitel MiCollab version 9.7.1.110 and prior versions, which stems from insufficient validation of...
IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2024-46815)
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...
CVE-2024-46606
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2024-46605
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
PT-2024-7341 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter
Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Series Analog Telephone Adapter firmware affected versions not specified Description: The vulnerability is related to insufficient validation of user input in the web-based management interface, allowing an unauthenticated, remo...
SeedDMS cross-site scripting vulnerability (CNVD-2024-41051)
SeedDMS is an open source document management system based on PHP and MySQL. The system is mainly used to store and share documents. A cross-site scripting vulnerability exists in SeedDMS v6.0.28, which stems from the application of the...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interface strings for dates. An attacker can execute arbitrary scripts in the context of the user's browser by embedding malicious payloads in these messages. Details: Cross-site scripting (or XSS) is a cod...
firefox: thunderbird: Cross-origin access to PDF contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This...
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2583)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerable to information disclosure, SSRF or local script execution via backend...
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2557)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerable to information disclosure, SSRF or local script execution via backend...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2529)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-46409
A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page...
Zenario CMS Security Vulnerability
Zenario CMS is a Zenario open source application that provides a Web-based content management system. A cross-site scripting vulnerability exists in Zenario CMS version 9.7.61188, which stems from the lack of effective filtering and escaping of user-supplied data in the "Organizer tags" field and c...
CVE-2024-46333
An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...
CVE-2024-41930
Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...
Advantech ADAM-5550 Cross-Site Scripting Vulnerability
Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from a cross-site scripting vulnerability that stems from the device failing to properly eliminate malicious code when parsing HTTP requests to generate page output. An attacker can...
kvf-admin Cross-Site Scripting Vulnerability
kvf-admin is a rapid development framework, scaffolding, backend management system and permission system. A cross-site scripting vulnerability exists in kvf-admin, which stems from the upfile parameter of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile lacking effective filterin...
CVE-2024-45836
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...
PT-2024-31801 · Planex Communications · Planex Communications Network Cameras
Name of the Vulnerable Software and Affected Versions: PLANEX COMMUNICATIONS network cameras affected versions not specified Description: A cross-site scripting issue exists in the web management page of the network cameras. If a logged-in user accesses a specific file, an arbitrary script may be...