Silverpeas Core Cross-Site Scripting Vulnerability
Silverpeas Core is an open source project from Silverpeas Open Source for building and running collaborative and social web portals. A cross-site scripting vulnerability exists in Silverpeas Core version 6.4.1. An attacker can exploit this vulnerability to execute arbitrary JavaScript code...
CVE-2024-56924
A Cross-Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page pagesaccount, potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information...
CVE-2025-0583 aEnrich Technology a+HRD - Reflected Cross-site Scripting(XSS)
The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks...
KaTeX \htmlData does not validate attribute names
Impact: KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Patches: Upgrade to KaTeX v0.16.21 to remove this vulnerability. Workarounds: Avoid use of or turn off the...
CVE-2024-47140
A cross-site scripting (XSS) vulnerability exists in the addalertcheck page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary JavaScript code execution. An authenticated user would need to click a malicious link provided by the attacker...
CVE-2021-29669
CVE-2021-29669 affects IBM Jazz Foundation (versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2). The issue is a cross-site scripting vulnerability that could allow an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The public m...
The vulnerability of the document viewer library in the web version of the eXpress communication system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the document viewer library in the web version of the eXpress communication system is due to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code by sending a specially crafted file...
CVE-2024-46073
CVE-2024-46073 describes a reflected Cross‑Site Scripting (XSS) in IceHRM v32.4.0.OS login page. The root cause is improper sanitization of the user-controlled yet echoed “next” parameter, which is included in the response without proper escaping. This enables an attacker to lure a user to a craf...
GHSA-WV23-996V-Q229 PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties
Cross-Site Scripting (XSS) vulnerability in custom properties. Product: Phpspreadsheet. Version: version 3.6.0. CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. CVSS vector v.4.0: 4.8...
CVE-2025-21610
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user into copying and pasting a malicious javascript: URL as a link that would execute...
Cross-site Scripting (XSS)
Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the currency parameter of the Currency.php script. An attacker can execute arbitrary JavaScript cod...
Cross-site Scripting (XSS)
shuchkin/simplexlsx is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling because the toHTMLEx method allows the execution of arbitrary JavaScript code...
The vulnerability of the library for extracting data from SimpleXLSX Excel files relates to the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the library for extracting data from SimpleXLSX Excel files is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
GHSA-R87Q-FJ25-F8JF Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
Impact: When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Patches: The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.13. Workarounds: Don't use data publication via toHTMLEx. This vulnerability was discovered by Aleksey Solovev Positiv...
CVE-2024-56364
SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13...
CVE-2024-56364 Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13...
CVE-2024-56364
CVE-2024-56364 affects the SimpleXLSX PHP library. From versions 1.0.12 through 1.1.13, calling the extended toHTMLEx method could allow execution of arbitrary JavaScript, via the toHTMLEx component. The vulnerability is mitigated by upgrading to version 1.1.13 or newer, which contains the fix. R...
GHSA-MMX8-VRFG-HFMQ Piranha CMS Cross-site Scripting vulnerability
A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via /manager/pages and then adding markdown content with the XSS payload...
CVE-2024-55341
A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via /manager/pages and then adding markdown content with the XSS payload...
CVE-2024-9101
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7, allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...