5 matches found
CVE-2024-29831
CVE-2024-29831 relates to an improper input validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server, potentially enabling remote code execution. Affected: DolphinScheduler; remediation guidance consistentl...
Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox
CVE-2024-4367 POC Usage bash python poc.py malicious.p...
CVE-2024-23320 Apache DolphinScheduler: Arbitrary js execution as root for authenticated users
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...
CVE-2024-23320 Apache DolphinScheduler: Arbitrary js execution as root for authenticated users
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...
Starbucks: Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)
Hi guys, I am now able to prove my concerns from 227486 see my last comment. "s are still not correctly encoded when rendered into the page in the element on almost any https://starbucks.co.uk/ page. The WAF is bypassed by encoding "s as %2522 in the URL path. This won't work when the payload is...