Lucene search
K

3308 matches found

Packet Storm
Packet Storm
added 2024/08/29 12:0 a.m.423 views

vTiger CRM 7.4.0 Cross Site Scripting

CVE-ID:CVE-2024-44778 ------------------------------------------ Suggested description:A reflected cross-site scripting XSS vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a...

7.4AI score0.00726EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.4 views

The vulnerability of the site_id parameter in the netshop CMS system, Netcat, allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the siteid parameter in the netshop CMS system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

9CVSS5.8AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.7 views

The vulnerability of the Netcat CMS system’s comment module allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the Netcat CMS system’s comment module exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

9CVSS5.8AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.8 views

The vulnerability of the “market” parameter in the Netcat netshop CMS system allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the “market” parameter in the netshop CMS system, Netcat CMS, is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

9CVSS5.7AI score
Exploits0References1Affected Software1
NVD
NVD
added 2024/08/19 5:15 p.m.18 views

CVE-2024-43400

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. Thi...

9CVSS0.00461EPSS
Exploits1References3
CVE
CVE
added 2024/08/19 4:24 p.m.59 views

CVE-2024-43400

CVE-2024-43400 refers to an XSS vulnerability in the XWiki Platform. A user without Script/Programming rights could be enticed to follow a crafted URL that leads to a page containing arbitrary JavaScript. The issue is documented across multiple sources, and patches exist: XWiki 14.10.21, 15.5.5, ...

9CVSS9.1AI score0.00461EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/08/19 10:16 a.m.620 views

Cross Site Scripting (XSS)

bootstrap is vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to a missing sanitization in the href attribute of the tag while working with data-slide and data-slide-to attributes. This could enable an attacker to execute arbitrary JavaScript within the victim's browser...

6.7AI score
Exploits0References5Affected Software3
Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.6 views

PT-2024-38571 · Bit Form · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions 2.0 through 2.13.9 Description: The issue is related to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function. This allows authenticated attackers with...

5.5CVSS6.7AI score0.00243EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/08/19 12:0 a.m.6 views

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform. An attacker exploiting this vulnerability could use arbitrary JavaScript to craft a URL pointing to a page...

9CVSS6.5AI score0.00461EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.5 views

PT-2024-30559 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.21 XWiki Platform versions prior to 15.5.5 XWiki Platform versions prior to 15.10.6 XWiki Platform versions prior to 16.0.0 Description: The issue allows a user without Script or Programming rights to...

9.4CVSS7.3AI score0.00461EPSS
Exploits1References12
OSV
OSV
added 2024/08/16 8:15 p.m.4 views

CVE-2024-43009

A reflected cross-site scripting XSS vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTPREFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user...

4.7CVSS6AI score0.00368EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/08/15 3:30 a.m.22 views

Duplicate Advisory: Code injection in Directus

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9qrm-48qf-r2rw. This link is maintained to preserve external references. Original Description Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is...

5AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/08/15 3:15 a.m.13 views

CVE-2024-6533

Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...

5.4CVSS6.8AI score
Exploits0References2
CVE
CVE
added 2024/08/15 3:4 a.m.63 views

CVE-2024-6533

Directus 10.13.0 is affected by a DOM-based XSS flaw where an authenticated attacker can inject and store an attacker-controlled value that is rendered into an unsanitized DOM element on the client. The issue stems from how a parameter is stored on the server and later used by the client, enablin...

5.4CVSS4.8AI score0.00358EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/14 9:12 p.m.27 views

CVE-2024-43368 Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...

6.5CVSS6.3AI score0.00487EPSS
Exploits0References6
NVD
NVD
added 2024/08/14 12:15 p.m.12 views

CVE-2024-39400

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session...

8.1CVSS0.00639EPSS
Exploits0References1
CVE
CVE
added 2024/08/13 11:3 a.m.47 views

CVE-2024-41774

IBM Common Licensing 9.0 is affected by CVE-2024-41774: stored cross-site scripting in the Web UI (LKS Administration Reporting Tool/Agent) that could allow a privileged user to inject JavaScript and potentially disclose credentials. Remediation: apply IBM_Common_Licensing_ICL_9.0.0.1 / update to...

4.8CVSS5.8AI score0.00246EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/08/12 3:15 p.m.16 views

CVE-2024-33536

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading...

5.4CVSS0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.2 views

Zimbra Collaboration Server 安全漏洞

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions 9.0 and 10.0, which stems from the...

5.4CVSS6.4AI score0.00264EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/12 12:0 a.m.18 views

CVE-2024-27443

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...

0.19543EPSS
Exploits1References2
Rows per page
Query Builder