3306 matches found
IBM Datacap Navigator Cross-Site Scripting Vulnerability
IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. IBM Datacap Navigator suffers from a cross-site scripting vulnerability that originates from allowing arbitrary JavaScript code to be embedded in the Web UI, which could alter the intended functionality an...
IBM Datacap Navigator Cross-Site Scripting Vulnerability
IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Datacap Navigator, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI...
PT-2024-5677 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to a parameter in the market module of the Netcat CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker to execute...
PT-2024-5686 · Netcat · Netcat Netshop Cms
Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to the promotion discount parameter in the Netcat Netshop CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker t...
PT-2024-5679 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection measures for the web page structure in the stats module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScri...
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior...
CVE-2024-6531
CVE-2024-6531 is rejected and not an active vulnerability entry.
Bootstrap Cross-Site Scripting (XSS) vulnerability
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...
CVE-2024-35234
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...
CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...
PT-2024-26398 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta3 on the tests-passed branch Description: The issue allows an attacker to execute arbitrary JavaScript on users' browsers by posting a specific URL...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2024-30211)
IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...
Cross Site Scripting(XSS)
zenml is vulnerable to Cross-Site Scripting XSS . The vulnerability is due to improper input neutralization during web page generation within the survey redirect parameter, which allows an attacker to execute arbitrary JavaScript code in the context of the user's browser session...
CVE-2023-50964
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102...
CVE-2024-5062
CVE-2024-5062 : A reflected XSS in zenml-io/zenml
CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery SSRF vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance MKCOL, PUT and GET...
GHSA-Q6XV-JM4V-349H Cross-site Scripting in ZenUML
Summary Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting XSS. Details The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdo...
Cross-site Scripting in ZenUML
Summary Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting XSS. Details The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdo...
LINE client for iOS vulnerable to universal cross-site scripting
Overview The in-app browser of LINE client for iOS provided by LY Corporation contains a universal cross-site scripting vulnerability CWE-79, CVE-2024-5739. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If a user clicks a malicious...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website’s structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the context of the victim’s browser...