3308 matches found
GHSA-28P7-F6H6-3JH3 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
Summary A Reflected Cross-Site Scripting XSS vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "metric"...
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
Summary A Reflected Cross-Site Scripting XSS vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "metric"...
CVE-2024-51495 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwriteip" parameter when editing a device. This vulnerability results i...
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
Summary A Stored Cross-Site Scripting XSS vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwriteip" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is...
CVE-2024-51494 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing a device's port settings. This vulnerability...
CVE-2024-50355
CVE-2024-50355 affects LibreNMS (PHP/MySQL/SNMP-based) where Admins can edit a device’s Display Name; input is not properly sanitized, allowing JavaScript in the name to execute in various contexts (persistent XSS). The vulnerability impacts multiple endpoints that display or reflect the Display ...
GHSA-4M5R-W2RQ-Q54Q LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input i...
GHSA-V7W9-63XH-6R3W LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
Summary A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "section" parameter,...
GHSA-XH4G-C9P6-5JXG LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Summary A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the "Port Settings" page is...
CVE-2024-41785 IBM Concert cross-site scripting
IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
GHSA-R735-9GC6-2HVQ Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
CVE-2024-11182
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2022-1226
A Cross-Site Scripting XSS vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include...
CVE-2021-3988
A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore
A stored Cross-site Scripting XSS vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...
CVE-2021-3988 Cross-site Scripting (XSS) in janeczku/calibre-web
A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
CVE-2021-3988 Cross-site Scripting (XSS) in janeczku/calibre-web
A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
CVE-2024-50983
FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...
FlightPath 安全漏洞
FlightPath is an open source academic advising system for universities from FlightPath, Inc. A security vulnerability exists in FlightPath version 7.5. An attacker can exploit this vulnerability to inject arbitrary JavaScript into a user's web browser...