144 matches found
CVE-2025-0423
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is able to compromise the sessions of users on the server by injecting JavaScript code into their...
CVE-2025-0424
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their...
CVE-2025-0424
Cordaware bestinformed Web is affected by authenticated stored cross-site scripting due to improper input sanitization. An authenticated attacker can inject JavaScript into other users’ sessions, potentially enabling horizontal movement to higher-privileged accounts. The available connected sourc...
CVE-2025-0424 Multiple Authenticated Stored Cross-Site Scripting
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their...
CVE-2025-0424 Multiple Authenticated Stored Cross-Site Scripting
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their...
CVE-2025-0423
Cordaware bestinformed Web is affected by CVE-2025-0423 due to improper sanitization of user input, enabling unauthenticated stored cross-site scripting. The vulnerability allows an attacker to inject JavaScript into user sessions and potentially abuse user privileges on the application. The affe...
CVE-2024-49754
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result i...
CVE-2024-55931
Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization of the "name" parameter on the "Port Settings" page, allowing an attacker to inject arbitrary JavaScript, which executes when the page is accessed, potentially compromising user...
PT-2024-35393 · 2Fauth · 2Fauth
Name of the Vulnerable Software and Affected Versions: 2FAuth versions prior to 5.4.1 Description: The issue is related to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. An attacker can upload a malicious SVG containing JS code, which could compromise a...
Stored Cross-Site Scripting (XSS) via SAML IdP XML Injection
An attacker can achieve stored cross-site scripting XSS by injecting malicious JavaScript into the SAML IdP XML metadata. This metadata is used to generate the SAML login redirect URL, which is ultimately set as the value of window.location.href. This vulnerability allows the attacker to execute...
CVE-2024-51497
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...
CVE-2024-50351
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code wh...
CVE-2024-51497
LibreNMS is affected by a Stored XSS in the Custom OID tab, where an authenticated user can inject JavaScript via the unit parameter when creating a new OID. The vulnerability is due to improper sanitization in librenms/includes/html/print-customoid.php and is associated with the stored XSS paylo...
CVE-2024-51496 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of...
CVE-2024-51496 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of...
CVE-2024-51494
CVE-2024-51494 – Stored XSS in LibreNMS A stored Cross-Site Scripting vulnerability exists in LibreNMS (librenms/librenms) on the Port Settings page. The XSS is triggered via the descr parameter when editing a device port, allowing an authenticated attacker to inject JavaScript that can execute i...
GHSA-7663-37RG-C377 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Summary A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing a device's port settings. This vulnerability can lead to the execution of malicious code when the "Port Settings...
CVE-2024-50351 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code wh...
Refresh Token Exposure
@workos-inc/authkit-nextjs is vulnerable to Refresh Token Exposure. The vulnerability is due to improper handling of sensitive data, where refresh tokens are logged to the console if the debug flag, which is disabled by default, is enabled. This allows an attacker with access to the logs to steal...