Lucene search
K

3306 matches found

Veracode
Veracode
added 2024/10/01 10:1 a.m.3 views

Cross-site Scripting (XSS)

github.com/gotify/server is vulnerable to Cross-site Scripting XSS. The vulnerability is due to outdated Swagger UI, which uses a vulnerable version of DOMPurify, allowing an attacker to execute arbitrary JavaScript through external Swagger config files...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.20 views

Mozilla Thunderbird < 131.0

The version of Thunderbird installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-50 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8CVSS7.8AI score0.00738EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.39 views

Mozilla Firefox < 131.0

The version of Firefox installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-46 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8CVSS7.8AI score0.00738EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.21 views

Mozilla Firefox ESR < 115.16

The version of Firefox ESR installed on the remote Windows host is prior to 115.16. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-48 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8CVSS8.8AI score0.00738EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.24 views

Mozilla Thunderbird < 131.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-50 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8CVSS7.8AI score0.00738EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.21 views

Mozilla Firefox ESR < 128.3

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-47 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

9.8CVSS7.8AI score0.00738EPSS
Exploits0References12
Cvelist
Cvelist
added 2024/09/27 12:0 a.m.25 views

CVE-2024-46367

A Stored Cross-Site Scripting XSS vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...

0.00488EPSS
Exploits0References1
CVE
CVE
added 2024/09/27 12:0 a.m.54 views

CVE-2024-46367

CVE-2024-46367 describes a Stored XSS in Webkul Krayin CRM v1.3.0 where a malicious payload in the username field can execute JavaScript, potentially leading to privilege escalation within the CRM. The vulnerability is identified with a high/critical impact (CVSS v3.1: 9.6; Network attack, low co...

9.6CVSS5.6AI score0.00488EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2024/09/23 8:40 a.m.5 views

Cross-site Scripting (XSS)

camaleoncms is vulnerable to Cross-site Scripting XSS via the image upload functionality. An attacker can execute arbitrary JavaScript on behalf of the user or administrator by uploading malicious SVG or HTML files with embedded scripts...

6.4AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/09/23 12:0 a.m.15 views

CVE-2023-46948

A reflected Cross-Site Scripting XSS vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components...

0.00379EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/23 12:0 a.m.12 views

CVE-2023-46948

A reflected Cross-Site Scripting XSS vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components...

6.1AI score0.00379EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/22 12:0 a.m.10 views

CVE-2024-47226

A stored cross-site scripting XSS vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties...

5.2AI score0.00289EPSS
Exploits1References2
OSV
OSV
added 2024/09/17 6:15 p.m.2 views

CVE-2024-38380

This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session...

5.4CVSS6AI score0.00401EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.4 views

PT-2024-27970 · Millbeck Communications · Proroute H685T-W +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute...

5.5CVSS7.1AI score0.00401EPSS
Exploits0References6
Veracode
Veracode
added 2024/09/04 10:37 a.m.140 views

Cross Site Scripting (XSS)

bootstrap is vulnerable to Cross Site Scripting XSS. The vulnerability is cause due to a missing validation and sanitization in the href attribute of the tag in the carousel component in the data-slide and data-slide-to attributes. This can enable attackers to execute arbitrary JavaScript within...

6.7AI score
Exploits0References4Affected Software5
OSV
OSV
added 2024/09/02 4:10 p.m.22 views

CVE-2024-28100 Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...

8.9CVSS7AI score0.00315EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/02 12:0 a.m.5 views

PT-2024-22265 · Elabftw · Elabftw

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.0.0 Description: The issue allows a regular user to create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application by uploading specially crafted files. Thi...

8.9CVSS7.2AI score0.00315EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/09/02 12:0 a.m.3 views

eLabFTW 安全漏洞

eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A security vulnerability exists in eLabFTW versions prior to 5.0.0. An attacker exploiting this vulnerability could run arbitrary...

8.9CVSS6.6AI score0.00315EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/29 8:53 a.m.25 views

CVE-2024-5624 Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL

Reflected Cross-Site Scripting XSS in Shift Logbook application of B&R APROL = R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session...

5.1CVSS0.00239EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/08/29 12:0 a.m.423 views

vTiger CRM 7.4.0 Cross Site Scripting

CVE-ID:CVE-2024-44778 ------------------------------------------ Suggested description:A reflected cross-site scripting XSS vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a...

7.4AI score0.00726EPSS
Exploits2
Rows per page
Query Builder