Lucene search
K

144 matches found

NVD
NVD
added 2025/02/18 8:15 a.m.11 views

CVE-2025-0423

In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is able to compromise the sessions of users on the server by injecting JavaScript code into their...

5.3CVSS0.00459EPSS
Exploits1References1
NVD
NVD
added 2025/02/18 8:15 a.m.11 views

CVE-2025-0424

In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their...

5.1CVSS0.00411EPSS
Exploits1References1
CVE
CVE
added 2025/02/18 7:57 a.m.61 views

CVE-2025-0424

Cordaware bestinformed Web is affected by authenticated stored cross-site scripting due to improper input sanitization. An authenticated attacker can inject JavaScript into other users’ sessions, potentially enabling horizontal movement to higher-privileged accounts. The available connected sourc...

5.1CVSS5.9AI score0.00411EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/18 7:57 a.m.6 views

CVE-2025-0424 Multiple Authenticated Stored Cross-Site Scripting

In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their...

5.1CVSS5.9AI score0.00411EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/18 7:57 a.m.12 views

CVE-2025-0424 Multiple Authenticated Stored Cross-Site Scripting

In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their...

5.1CVSS0.00411EPSS
Exploits1References1
CVE
CVE
added 2025/02/18 7:57 a.m.55 views

CVE-2025-0423

Cordaware bestinformed Web is affected by CVE-2025-0423 due to improper sanitization of user input, enabling unauthenticated stored cross-site scripting. The vulnerability allows an attacker to inject JavaScript into user sessions and potentially abuse user privileges on the application. The affe...

5.3CVSS6.1AI score0.00459EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:0 a.m.10 views

CVE-2024-49754

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result i...

7.5CVSS5.4AI score0.69818EPSS
Exploits1References1
OSV
OSV
added 2025/01/27 12:15 p.m.5 views

CVE-2024-55931

Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References1
Veracode
Veracode
added 2024/12/04 4:18 a.m.10 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization of the "name" parameter on the "Port Settings" page, allowing an attacker to inject arbitrary JavaScript, which executes when the page is accessed, potentially compromising user...

5.4CVSS6.2AI score0.00381EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.7 views

PT-2024-35393 · 2Fauth · 2Fauth

Name of the Vulnerable Software and Affected Versions: 2FAuth versions prior to 5.4.1 Description: The issue is related to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. An attacker can upload a malicious SVG containing JS code, which could compromise a...

6.1CVSS5.7AI score0.00363EPSS
Exploits1References10
Huntr
Huntr
added 2024/11/17 7:58 p.m.4 views

Stored Cross-Site Scripting (XSS) via SAML IdP XML Injection

An attacker can achieve stored cross-site scripting XSS by injecting malicious JavaScript into the SAML IdP XML metadata. This metadata is used to generate the SAML login redirect URL, which is ultimately set as the value of window.location.href. This vulnerability allows the attacker to execute...

7.3CVSS6.2AI score0.00351EPSS
Exploits1
NVD
NVD
added 2024/11/15 4:15 p.m.63 views

CVE-2024-51497

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...

5.4CVSS0.00396EPSS
Exploits1References2
NVD
NVD
added 2024/11/15 4:15 p.m.50 views

CVE-2024-50351

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code wh...

5.4CVSS0.00387EPSS
Exploits1References2
CVE
CVE
added 2024/11/15 3:46 p.m.53 views

CVE-2024-51497

LibreNMS is affected by a Stored XSS in the Custom OID tab, where an authenticated user can inject JavaScript via the unit parameter when creating a new OID. The vulnerability is due to improper sanitization in librenms/includes/html/print-customoid.php and is associated with the stored XSS paylo...

5.4CVSS4.8AI score0.00396EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/15 3:45 p.m.9 views

CVE-2024-51496 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of...

4.8CVSS6.2AI score0.00403EPSS
Exploits1References2
OSV
OSV
added 2024/11/15 3:45 p.m.16 views

CVE-2024-51496 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of...

4.8CVSS6AI score0.00403EPSS
Exploits1References4
CVE
CVE
added 2024/11/15 3:43 p.m.84 views

CVE-2024-51494

CVE-2024-51494 – Stored XSS in LibreNMS A stored Cross-Site Scripting vulnerability exists in LibreNMS (librenms/librenms) on the Port Settings page. The XSS is triggered via the descr parameter when editing a device port, allowing an authenticated attacker to inject JavaScript that can execute i...

5.4CVSS4.9AI score0.00396EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/11/15 3:43 p.m.11 views

GHSA-7663-37RG-C377 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing a device's port settings. This vulnerability can lead to the execution of malicious code when the "Port Settings...

7.5CVSS5.2AI score0.00396EPSS
Exploits1References4
OSV
OSV
added 2024/11/15 3:34 p.m.22 views

CVE-2024-50351 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code wh...

4.8CVSS6AI score0.00387EPSS
Exploits1References4
Veracode
Veracode
added 2024/11/14 9:46 a.m.9 views

Refresh Token Exposure

@workos-inc/authkit-nextjs is vulnerable to Refresh Token Exposure. The vulnerability is due to improper handling of sensitive data, where refresh tokens are logged to the console if the debug flag, which is disabled by default, is enabled. This allows an attacker with access to the logs to steal...

5.5CVSS6.5AI score0.00247EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder