
3301 matches found

NVD
added 2024/12/12 1:15 p.m. · 13 views

CVE-2024-36494

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary JavaScript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if th...

CVSS 4.7 · EPSS 0.0046
Exploits 0 · References 3

NVD
added 2024/12/12 1:15 p.m. · 24 views

CVE-2024-28142

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary JavaScript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...

CVSS 4.7 · EPSS 0.00443
Exploits 0 · References 3

CVE
added 2024/12/12 12:51 p.m. · 45 views

CVE-2024-36494

CVE-2024-36494 involves a cross-site scripting vulnerability on the login page (/cgi/slogin.cgi) caused by missing input sanitization of the -tsetup+-uuser parameter. The issue can allow an attacker to execute arbitrary JavaScript in other users’ browsers, potentially enabling phishing-focused lo...

CVSS 4.7 · AI score 5.9 · EPSS 0.0046
Exploits 0 · References 3

Cvelist
added 2024/12/12 12:38 p.m. · 16 views

CVE-2024-47947 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary JavaScript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...

EPSS 0.0046
Exploits 0 · References 2

CVE
added 2024/12/12 12:38 p.m. · 48 views

CVE-2024-47947

CVE-2024-47947 concerns a stored XSS vulnerability in Image Access Scan2Net/ScanWizard ecosystem. The issue arises from missing input sanitization in the configuration menu’s "Edit Disclaimer Text" function, exploitable by an attacker to inject JavaScript that runs in other users’ browsers. Affec...

CVSS 4.7 · AI score 6.3 · EPSS 0.0046
Exploits 0 · References 3

Cvelist
added 2024/12/12 12:35 p.m. · 32 views

CVE-2024-28142 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary JavaScript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...

EPSS 0.00443
Exploits 0 · References 2

Vulnrichment
added 2024/12/12 12:35 p.m. · 14 views

CVE-2024-28142 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary JavaScript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...

AI score 7 · EPSS 0.00443
Exploits 0 · References 2

CVE
added 2024/12/12 12:35 p.m. · 53 views

CVE-2024-28142

The CVE-2024-28142 entry describes stored cross-site scripting via improper input sanitization on the Image Access Scan2Net (and related lines) File Name input on the User Settings page (/cgi/uset.cgi?-cfilename). The root cause is inadequate filtering of the file name and wildcard character inpu...

CVSS 4.7 · AI score 6.7 · EPSS 0.00443
Exploits 0 · References 3

NVD
added 2024/12/12 2:15 a.m. · 8 views

CVE-2024-53274

Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in home.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter...

CVSS 6.1 · EPSS 0.00438
Exploits 1 · References 2

CNNVD
added 2024/12/12 12:00 a.m. · 1 view

Image Access Scan2Net Security Vulnerability

Image Access Scan2Net is a scanning software from Image Access Germany. A security vulnerability exists in Image Access Scan2Net version 7.40 and earlier, version 7.42 and earlier, and version 7.42B and earlier, which stems from improper input cleanup and allows an attacker to perform a cross-sit...

CVSS 4.7 · AI score 6.2 · EPSS 0.0046
Exploits 0 · References 2

Positive Technologies
added 2024/12/12 12:00 a.m. · 4 views

PT-2024-22292 · Image Access Gmbh · Scan2Net

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is due to missing input sanitization, allowing an attacker to perform cross-site-scripting attacks and run arbitrary JavaScript in the browser...

CVSS 4.7 · AI score 6.7 · EPSS 0.00443
Exploits 0 · References 6

OSV
added 2024/12/11 10:16 p.m. · 6 views

CVE-2024-53274 GHSL-2024-111: Reflected XSS in /home in habitica

Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in home.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter...

CVSS 5.1 · AI score 5.8 · EPSS 0.00438
Exploits 1 · References 4

NVD
added 2024/12/11 3:15 p.m. · 12 views

CVE-2024-50585

Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server Administration System Login" nlslogin.jsp page. The vulnerability can be triggered by sending a speciall...

CVSS 4.7 · EPSS 0.00462
Exploits 0 · References 2

Vulnrichment
added 2024/12/09 12:00 a.m. · 12 views

CVE-2024-54919

A Stored Cross Site Scripting XSS was found in /teacheravatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript via the filename parameter...

AI score 7.1 · EPSS 0.003
Exploits 1 · References 1

CNNVD
added 2024/12/09 12:00 a.m. · 3 views

Kashipara E-learning Management System Security Vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary JavaScript via the filename parameter...

CVSS 5.4 · AI score 7.3 · EPSS 0.003
Exploits 1 · References 1

CVE
added 2024/11/29 1:00 p.m. · 46 views

CVE-2024-11990

The CVE-2024-11990 entry concerns SurgeMail v78c2 with a Cross-Site Scripting (XSS) issue that lets an attacker execute arbitrary JavaScript when a crafted payload is injected into vulnerable parameters. Connected documents corroborate that the vulnerability affects SurgeMail 78c2 and describe th...

CVSS 4.6 · AI score 4.7 · EPSS 0.00265
Exploits 0 · References 1

Veracode
added 2024/11/25 10:57 a.m. · 14 views

Reflected Cross-site Scripting (XSS)

librenms/librenms is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization in the "reportthis" function, allowing attackers to inject and execute arbitrary JavaScript code via the "section" parameter of the "logs" tab...

CVSS 5.4 · AI score 6.6 · EPSS 0.00387
Exploits 1 · References 3 · Affected Software 1

CNVD
added 2024/11/22 12:00 a.m. · 6 views

MyBB Cross-Site Scripting Vulnerability (CNVD-2024-46255)

MyBB is a free and open source forum software, written in PHP, supporting MySQL, MariaDB, PostgreSQL and SQLite databases. A cross-site scripting vulnerability exists in MyBB. The vulnerability is related to the component installindex.php, which does not adequately clean up the websitename...

CVSS 5.4 · AI score 6.6 · EPSS 0.0025
Exploits 1 · References 1

Cvelist
added 2024/11/21 12:00 a.m. · 14 views

CVE-2024-45514

An issue was discovered in Zimbra Collaboration ZCS through v10.1. A Cross-Site Scripting XSS vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing t...

EPSS 0.00645
Exploits 0 · References 6

CNNVD
added 2024/11/21 12:00 a.m. · 6 views

Zimbra Collaboration Server Cross-Site Scripting Vulnerability

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and earlier. An attacke...

CVSS 4.8 · AI score 6.3 · EPSS 0.00392
Exploits 0 · References 6