3308 matches found
Pimcore 跨站脚本漏洞
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exist...
PT-2024-29564 · Ibm · Ibm Concert
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.1 Description: The issue allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosur...
webkitgtk: arbitrary javascript code execution
A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution...
CVE-2024-50601
Persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixe...
CVE-2024-11021
CVE-2024-11021 relates to a Stored Cross-site Scripting vulnerability in Webopac from Grand Vice info. The issue allows remote attackers with regular privileges to inject arbitrary JavaScript into the server, which is executed in users’ browsers when visiting the affected page. Connected sources ...
CVE-2024-11019
Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...
CVE-2024-11019 Grand Vice info Webopac7 - Reflected XSS
Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...
SYQ com.downloader.video.fast 安全漏洞
SYQ com.downloader.video.fast SYQ Master Video Downloader is a video downloader from SYQ Inc. A security vulnerability exists in SYQ com.downloader.video.fast Master Video Downloader version 2.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary JavaScript code...
CVE-2024-46962
The SYQ com.downloader.video.fast aka Master Video Downloader application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component...
DS Browsers allvideo.downloader.browser 安全漏洞
DS Browsers allvideo.downloader.browser DS Browsers Fast Video Downloader: Browser is a video downloader from DS Browsers. A security vulnerability exists in DS Browsers allvideo.downloader.browser Fast Video Downloader: Browser version 1.6-RC1 and earlier versions. An attacker can exploit this...
PT-2024-16710 · Grand Vice Info · Webopac
Name of the Vulnerable Software and Affected Versions: Webopac from Grand Vice info affected versions not specified Description: The issue is a Stored Cross-site Scripting vulnerability, allowing remote attackers with regular privileges to inject arbitrary JavaScript code into the server. When...
PT-2024-34350 · Axigen · Axigen Mail Server
Name of the Vulnerable Software and Affected Versions: Axigen Mail Server versions prior to 10.5.29 Description: The issue concerns persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter. This could allow attackers to execute arbitrary Javascript, potentially...
ASD Dev Video Player HD Video Downloader 安全漏洞
ASD Dev Video Player HD Video Downloader is a video downloader from ASD Dev Video Player, Inc. A security vulnerability exists in ASD Dev Video Player HD Video Downloader version 7.0.129 and earlier, which originates from a vulnerability that allows attackers to execute arbitrary JavaScript code...
PT-2024-32302 · Winshot · Winshot
Name of the Vulnerable Software and Affected Versions: Inshot com.downloader.privatebrowser aka Video Downloader - XDownloader versions 1.3.5 and earlier Description: The issue allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivi...
Chamilo LMS 安全漏洞
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...
CVE-2024-30618
CVE-2024-30618 is a Stored XSS in Chamilo LMS 1.11.26 triggered by a malicious payload in the content parameter of group_topics.php. Impact is to execute JavaScript in a victim’s browser (confidentiality/integrity) with network access and user interaction required. Root cause is insufficient inpu...
CVE-2024-42041
The com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...
CVE-2024-31972
EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution under the context of the user's session via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediate...
CVE-2024-42041
The com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...
EnGenius ESR580 安全漏洞
The EnGenius ESR580 is a series of wireless access points from EnGenius. A security vulnerability exists in the EnGenius ESR580 that originates from allowing remote attackers to conduct a stored cross-site scripting attack via the Wi-Fi SSID input field, which can lead to arbitrary JavaScript cod...