3308 matches found
PT-2024-7356 · Jetbrains · Jetbrains Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.47197 Description: The issue is related to insufficient validation of the communication channel source in the iframe plugin of JetBrains YouTrack. This can allow an attacker to execute arbitrary...
Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41007)
Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS, which can be...
Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41008)
Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...
JetBrains YouTrack 安全漏洞
JetBrains YouTrack is a project management tool, developed by JetBrains, supporting cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a...
eLabFTW 代码注入漏洞
eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A code injection vulnerability exists in eLabFTW versions prior to 5.1.5. An attacker can exploit this vulnerability to execute arbitrary...
BIT-DISCOURSE-2024-47772 Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...
Esri Portal for ArcGIS < Security 2024 Update 2 Multiple Vulnerabilities (10.8.1)
The version of Esri Portal for ArcGIS installed is missing Security 2024 Update 2. It is, therefore, affected by multiple vulnerabilities including: - There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2. 11.1, 11.0 and 10.9.1 that may allow a remote, unauthenticated...
CVE-2024-47772
CVE-2024-47772: Discourse exposes a cross-site scripting (XSS) vulnerability via chat excerpts when CSP is disabled. An attacker can cause arbitrary JavaScript execution in a user’s browser by sending a maliciously crafted chat message and a reply. The issue affects sites with CSP disabled and is...
Discourse 跨站脚本漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could execute arbitrary JavaScript on a user...
CVE-2024-42831
A reflected cross-site scripting XSS vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapperdialog.php...
CVE-2024-8149
There is a reflected Cross‑Site Scripting XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...
CVE-2024-8149
There is a reflected Cross‑Site Scripting XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...
CVE-2024-25707
There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser Self XSS. A...
CVE-2024-38036
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2024-25691
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2024-38038
Summary: CVE-2024-38038 is a reflected XSS in Esri Portal for ArcGIS. The vulnerability affects ArcGIS Portal versions 11.1 and can be triggered by a crafted, unauthenticated link that may execute JavaScript in the victim’s browser. The issue is documented across multiple sources (NVD/CVE records...
CVE-2024-25691 BUG-000165286 - Reflected XSS in Portal for ArcGIS
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2024-25691 BUG-000165286 - Reflected XSS in Portal for ArcGIS
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2024-25701
CVE-2024-25701 is a stored XSS vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder, affecting versions 10.8.1–11.1 (per connected sources). An authenticated, remote attacker can craft a link stored in the Experience Builder Embed widget, which when loaded may execute arbitrary J...