Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior...

CVE-2024-6531

CVE-2024-6531 is rejected and not an active vulnerability entry.

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...

CVE-2024-35234

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

PT-2024-26398 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta3 on the tests-passed branch Description: The issue allows an attacker to execute arbitrary JavaScript on users' browsers by posting a specific URL...

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2024-30211)

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...

Cross Site Scripting(XSS)

zenml is vulnerable to Cross-Site Scripting XSS . The vulnerability is due to improper input neutralization during web page generation within the survey redirect parameter, which allows an attacker to execute arbitrary JavaScript code in the context of the user's browser session...

CVE-2023-50964

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102...

CVE-2024-5062

CVE-2024-5062 : A reflected XSS in zenml-io/zenml

CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery SSRF vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance MKCOL, PUT and GET...

GHSA-Q6XV-JM4V-349H Cross-site Scripting in ZenUML

Summary Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting XSS. Details The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdo...

Cross-site Scripting in ZenUML

Summary Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting XSS. Details The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdo...

LINE client for iOS vulnerable to universal cross-site scripting

Overview The in-app browser of LINE client for iOS provided by LY Corporation contains a universal cross-site scripting vulnerability CWE-79, CVE-2024-5739. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If a user clicks a malicious...

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website’s structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the context of the victim’s browser...

The vulnerability of the PDF.js library is related to access to resources through incompatible types, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the PDF.js library is related to access to resources through incompatible types. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code remotely...

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website’s structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the context of the victim’s browser...

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website’s structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the context of the victim’s browser...

RLSA-2024:2888 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsing mode CVE-2024-4767 firefox: Potential...

CVE-2024-36459 Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser...