
3308 matches found

Positive Technologies
added 2024/10/17 12:0 a.m. · 4 views

PT-2024-7356 · Jetbrains · Jetbrains Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.47197 Description: The issue is related to insufficient validation of the communication channel source in the iframe plugin of JetBrains YouTrack. This can allow an attacker to execute arbitrary...

9.4 CVSS · 7.8 AI score · 0.00401 EPSS
Exploits 0 · References 10

CNVD
added 2024/10/17 12:0 a.m. · 10 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41007)

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS, which can be...

4.8 CVSS · 6.4 AI score · 0.00329 EPSS
Exploits 0 · References 1

CNVD
added 2024/10/17 12:0 a.m. · 8 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41008)

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

6.1 CVSS · 6.4 AI score · 0.00302 EPSS
Exploits 0 · References 1

CNNVD
added 2024/10/17 12:0 a.m. · 3 views

JetBrains YouTrack Security Vulnerability

JetBrains YouTrack is a project management tool, developed by JetBrains, supporting cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a...

8.1 CVSS · 6.6 AI score · 0.00401 EPSS
Exploits 0 · References 2

CNNVD
added 2024/10/14 12:0 a.m. · 3 views

eLabFTW Code Injection Vulnerability

eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A code injection vulnerability exists in eLabFTW versions prior to 5.1.5. An attacker can exploit this vulnerability to execute arbitrary...

6.1 CVSS · 7.7 AI score · 0.00271 EPSS
Exploits 0 · References 3

OSV
added 2024/10/11 10:50 a.m. · 13 views

BIT-DISCOURSE-2024-47772 Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of...

6.5 CVSS · 6.8 AI score · 0.00331 EPSS
Exploits 0 · References 3

RedHat Linux
added 2024/10/09 9:11 a.m. · 3 views

firefox: thunderbird: Cross-origin access to JSON contents through multipart responses

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...

7.5 CVSS · 7.5 AI score · 0.00498 EPSS
Exploits 0 · References 8

Tenable Nessus
added 2024/10/09 12:0 a.m. · 27 views

Esri Portal for ArcGIS < Security 2024 Update 2 Multiple Vulnerabilities (10.8.1)

The version of Esri Portal for ArcGIS installed is missing Security 2024 Update 2. It is, therefore, affected by multiple vulnerabilities including: - There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2, 11.1, 11.0 and 10.9.1 that may allow a remote, unauthenticated...

7.5 CVSS · 6 AI score · 0.00568 EPSS
Exploits 0 · References 13

CVE
added 2024/10/07 8:50 p.m. · 61 views

CVE-2024-47772

CVE-2024-47772: Discourse exposes a cross-site scripting (XSS) vulnerability via chat excerpts when CSP is disabled. An attacker can cause arbitrary JavaScript execution in a user’s browser by sending a maliciously crafted chat message and a reply. The issue affects sites with CSP disabled and is...

6.5 CVSS · 6.5 AI score · 0.00331 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/10/07 12:0 a.m. · 5 views

Discourse Cross-Site Scripting Vulnerability

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could execute arbitrary JavaScript on a user...

6.5 CVSS · 6.2 AI score · 0.00331 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/10/07 12:0 a.m. · 15 views

CVE-2024-42831

A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapperdialog.php...

5.9 AI score · 0.01121 EPSS
Exploits 3 · References 3

NVD
added 2024/10/04 6:15 p.m. · 27 views

CVE-2024-8149

There is a reflected Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low-privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...

4.6 CVSS · 0.00392 EPSS
Exploits 0 · References 1

OSV
added 2024/10/04 6:15 p.m. · 3 views

CVE-2024-8149

There is a reflected Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low-privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...

4.6 CVSS · 6.1 AI score · 0.00392 EPSS
Exploits 0 · References 1

NVD
added 2024/10/04 6:15 p.m. · 27 views

CVE-2024-25707

There is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A...

4.8 CVSS · 0.00329 EPSS
Exploits 0 · References 1

NVD
added 2024/10/04 6:15 p.m. · 19 views

CVE-2024-38036

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

5.4 CVSS · 0.00568 EPSS
Exploits 0 · References 1

OSV
added 2024/10/04 6:15 p.m. · 3 views

CVE-2024-25691

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

6.1 CVSS · 6 AI score
Exploits 0 · References 1

CVE
added 2024/10/04 5:19 p.m. · 60 views

CVE-2024-38038

Summary: CVE-2024-38038 is a reflected XSS in Esri Portal for ArcGIS. The vulnerability affects ArcGIS Portal versions 11.1 and can be triggered by a crafted, unauthenticated link that may execute JavaScript in the victim’s browser. The issue is documented across multiple sources (NVD/CVE records...

6.1 CVSS · 6.4 AI score · 0.00302 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/10/04 5:18 p.m. · 16 views

CVE-2024-25691 BUG-000165286 - Reflected XSS in Portal for ArcGIS

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

6.1 CVSS · 6.4 AI score · 0.00302 EPSS
Exploits 0 · References 1

Cvelist
added 2024/10/04 5:18 p.m. · 27 views

CVE-2024-25691 BUG-000165286 - Reflected XSS in Portal for ArcGIS

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

6.1 CVSS · 0.00302 EPSS
Exploits 0 · References 1

CVE
added 2024/10/04 5:17 p.m. · 64 views

CVE-2024-25701

CVE-2024-25701 is a stored XSS vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder, affecting versions 10.8.1–11.1 (per connected sources). An authenticated, remote attacker can craft a link stored in the Experience Builder Embed widget, which when loaded may execute arbitrary J...

4.8 CVSS · 5.5 AI score · 0.00266 EPSS
Exploits 0 · References 1 · Affected Software 1