
3306 matches found

Github Security Blog
added 2024/08/08 12:31 a.m. | 26 views

Open WebUI Stored Cross-Site Scripting Vulnerability

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

6.3 CVSS | 6.7 AI score | 0.0062 EPSS
Exploits: 3 | References: 3 | Affected Software: 1
OSV
added 2024/08/08 12:15 a.m. | 2 views

CVE-2024-6892

Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application...

6.1 CVSS | 6 AI score
Exploits: 0 | References: 2
Cvelist
added 2024/08/07 11:19 p.m. | 32 views

CVE-2024-6892 Journyx Reflected Cross Site Scripting

Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application...

0.00713 EPSS
Exploits: 2 | References: 1
NVD
added 2024/08/07 11:15 p.m. | 18 views

CVE-2024-6706

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

6.3 CVSS | 0.0062 EPSS
Exploits: 3 | References: 3
OSV
added 2024/08/07 11:15 p.m. | 6 views

CVE-2024-6706

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

6.1 CVSS | 6.7 AI score
Exploits: 0 | References: 3
CVE
added 2024/08/07 11:1 p.m. | 59 views

CVE-2024-6706

Open WebUI version 0.1.105 on Debian 12 has a stored Cross-Site Scripting (XSS) vulnerability, CVE-2024-6706. The issue arises when a malicious prompt coerces the language model into executing arbitrary JavaScript in the context of the web page. Connected advisories (KL-001-2024-005; GHSA-5JP3-WP5V-5...

6.3 CVSS | 6.6 AI score | 0.0062 EPSS
Exploits: 3 | References: 3 | Affected Software: 1
NVD
added 2024/07/29 3:15 p.m. | 24 views

CVE-2024-41676

Magento-lts is a long-term support alternative to Magento Community Edition CE. This XSS vulnerability affects the design/header/welcome, design/header/logosrc, design/header/logosrcsmall, and design/header/logoalt system configs. They are intended to enable admins to set a text in the two cases,...

4.8 CVSS | 0.0034 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2024/07/29 2:46 p.m. | 12 views

CVE-2024-41676 Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs

Magento-lts is a long-term support alternative to Magento Community Edition CE. This XSS vulnerability affects the design/header/welcome, design/header/logosrc, design/header/logosrcsmall, and design/header/logoalt system configs. They are intended to enable admins to set a text in the two cases,...

4.1 CVSS | 6.3 AI score | 0.0034 EPSS
Exploits: 0 | References: 2
CVE
added 2024/07/29 2:46 p.m. | 54 views

CVE-2024-41676

Magento LTS (OpenMage Magento-lts) is affected by an XSS in system config fields design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt due to missing escaping. The issue allows input of arbitrary HTML/JavaScript and is mitigated by upgrading to ve...

4.8 CVSS | 4.3 AI score | 0.0034 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2024/07/29 1:15 p.m. | 25 views

CVE-2024-6881

Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session...

8.5 CVSS | 0.00332 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2024/07/29 1:0 p.m. | 24 views

CVE-2024-6124 Reflected XSS in Hubshare via Open Redirect

Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session...

8.5 CVSS | 6.7 AI score | 0.0029 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2024/07/29 12:56 p.m. | 21 views

CVE-2024-6881 Stored XSS Vulnerability

Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session...

8.5 CVSS | 6.2 AI score | 0.00332 EPSS
Exploits: 0 | References: 2
Cvelist
added 2024/07/29 12:56 p.m. | 26 views

CVE-2024-6881 Stored XSS Vulnerability

Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session...

8.5 CVSS | 0.00332 EPSS
Exploits: 0 | References: 2
CNNVD
added 2024/07/29 12:0 a.m. | 2 views

M-Files Hubshare Security Vulnerability

M-Files Hubshare is a collaboration solution from M-Files, Inc. designed to seamlessly share files, documents and collaborative content. A security vulnerability exists in M-Files Hubshare version 5.0.6.0, which stems from vulnerability to a reflective cross-site scripting attack that could allow...

8.5 CVSS | 6.5 AI score | 0.0029 EPSS
Exploits: 0 | References: 3
Cvelist
added 2024/07/25 5:18 p.m. | 31 views

CVE-2024-28772 IBM Security Directory Integrator cross-site scripting

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

6.8 CVSS | 0.00267 EPSS
Exploits: 0 | References: 2
OSV
added 2024/07/24 3:15 p.m. | 4 views

CVE-2024-31971

Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html,...

4.8 CVSS | 5.9 AI score | 0.00371 EPSS
Exploits: 0 | References: 3
VulnCheck KEV
added 2024/07/24 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2023-41642

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

6.1 CVSS | 5.9 AI score | 0.01071 EPSS
Exploits: 1 | References: 1
CVE
added 2024/07/24 12:0 a.m. | 57 views

CVE-2024-31971

CVE-2024-31971 affects AdTran NetVanta 3120 devices running version 18.01.01.00.E, with multiple stored XSS vulnerabilities that allow remote injection of JavaScript via endpoints such as /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connecti...

6.1 CVSS | 6.1 AI score | 0.00371 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/07/23 3:5 p.m. | 125 views

CVE-2024-6783

CVE-2024-6783 affects Vue and is described in multiple sources as a prototype-pollution–driven XSS vulnerability that could allow an attacker to modify Object.prototype properties (e.g., staticClass/staticStyle) and execute arbitrary JavaScript. The available connected documents confirm the issue...

4.8 CVSS | 5.3 AI score | 0.00506 EPSS
Exploits: 0 | References: 3
CNNVD
added 2024/07/23 12:0 a.m. | 4 views

Vue Security Vulnerability

Vue is an HTML, CSS, and JS framework open-sourced by Vue. It is used to develop web applications with fine-grained reactivity. Vue suffers from a security vulnerability that stems from vulnerability to cross-site scripting attacks, where an attacker can change the prototype chain of certain...

4.8 CVSS | 7.1 AI score | 0.00506 EPSS
Exploits: 0 | References: 2