3308 matches found
Video Downloader 安全漏洞
Video Downloader is a video downloading application. A security vulnerability exists in Video Downloader version 20-30.05.24. An attacker can exploit this vulnerability to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...
CVE-2024-42041
The com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...
PT-2024-31656
Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.10.0 through 1.27.0 Apache NiFi versions 2.0.0-M1 through 2.0.0-M3 Description: The vulnerability allows an authenticated user, authorized to configure a Parameter Context, to enter arbitrary JavaScript code in the...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project
Summary The built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this...
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
Summary The export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then ...
GHSA-79JV-5226-783F OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
Summary The export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then ...
PT-2024-8657 · Velocity +2 · Velocity +2
Name of the Vulnerable Software and Affected Versions: Butterfly framework versions prior to 1.2.6 Description: The Butterfly framework has a weakness related to incorrect restriction of the path name to a directory with limited access. This can be exploited by an attacker with network access to...
Unspecified Vulnerability in JetBrains YouTrack
JetBrains YouTrack is a project management tool, developed by JetBrains, supporting cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a...
CVE-2024-40746
A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...
CVE-2024-40746 Extension - hikashop.com - Stored cross site scripting vulnerability in Hikashop component for Joomla < 5.1.1
A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...
CVE-2024-40746 Extension - hikashop.com - Stored cross site scripting vulnerability in Hikashop component for Joomla < 5.1.1
A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...
CVE-2024-40746
CVE-2024-40746 is a stored XSS affecting the Hikashop Joomla component prior to 5.1.1. The root cause is that the description parameter in a product is not sanitized in the backend, enabling a remote attacker to inject arbitrary JavaScript into a user’s browser. Affected software: Hikashop Joomla...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
CVE-2024-49579
JetBrains YouTrack prior to 2024.3.47197 is affected by CVE-2024-49579 due to insufficient validation of the iframe plugin communication channel, allowing arbitrary JavaScript execution and unauthorized API requests. The issue stems from the iframe plugin; attacker-controlled payloads could be ex...
Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41005)
Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...
ComfyUI 跨站脚本漏洞
ComfyUI is one of the most powerful and modular diffusion model GUI and backend for comfyanonymous individual developers. A cross-site scripting vulnerability exists in ComfyUI version 0.2.2 and prior versions, which can be exploited by an attacker to cause arbitrary JavaScript code to be execute...