3301 matches found
CVE-2024-36656
MintHCM 4.0.3 is affected by a reflected Cross-site Scripting (XSS) vulnerability in which a registered user can execute arbitrary JavaScript. The issue originates from MintHCM 4.0.3 and is described across multiple sources as enabling a registered user to inject and run JavaScript, leading to XS...
PT-2024-27108 · Minthcm · Minthcm
Name of the Vulnerable Software and Affected Versions: MintHCM version 4.0.3 Description: A reflected Cross-site Scripting XSS attack can be achieved by a registered user, allowing the execution of arbitrary JavaScript code. Recommendations: For MintHCM version 4.0.3, at the moment, there is no...
CVE-2024-36222
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...
CVE-2024-36190
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...
CVE-2024-36151
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...
CVE-2024-26072
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...
CVE-2024-26037 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...
CVE-2024-36224 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...
CVE-2024-26072 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...
CVE-2024-26053
Adobe Experience Manager (AEM) versions 6.5.20 and earlier are documented to contain a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary JavaScript in a victim’s browser. Exploitation requires user interaction (e.g., clicking a crafted link or su...
CVE-2024-36234 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...
CVE-2024-36181 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...
CVE-2024-36190
CVE-2024-36190 affects Adobe Experience Manager (AEM) versions ≤ 6.5.20. The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in the victim’s browser context, typically requiring user interaction (e.g., clicking a crafted link o...
CVE-2024-36231 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...
CVE-2024-26058 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...
CVE-2024-36227
Adobe Experience Manager (AEM) 6.5.20 and earlier are affected by a DOM-based XSS (CWE-79) that could allow an attacker to execute arbitrary JavaScript in the victim’s browser session. Exploitation typically requires user interaction (e.g., clicking a crafted link or submitting a malicious form)....
Mozilla: Arbitrary JavaScript execution in PDF.js
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...
Mozilla: Arbitrary JavaScript execution in PDF.js
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...
CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt
A stored Cross-Site Scripting XSS vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...
CVE-2024-3166 Cross-Site Scripting (XSS) Vulnerability in mintplex-labs/anything-llm
A Cross-Site Scripting XSS vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, whic...