GHSA-4M5R-W2RQ-Q54Q LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input i...

GHSA-V7W9-63XH-6R3W LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php

Summary A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "section" parameter,...

GHSA-XH4G-C9P6-5JXG LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the "Port Settings" page is...

CVE-2024-41785 IBM Concert cross-site scripting

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

GHSA-R735-9GC6-2HVQ Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

CVE-2022-1226

A Cross-Site Scripting XSS vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include...

CVE-2021-3988

A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore

A stored Cross-site Scripting XSS vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

CVE-2021-3988 Cross-site Scripting (XSS) in janeczku/calibre-web

A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVE-2021-3988 Cross-site Scripting (XSS) in janeczku/calibre-web

A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...

FlightPath 安全漏洞

FlightPath is an open source academic advising system for universities from FlightPath, Inc. A security vulnerability exists in FlightPath version 7.5. An attacker can exploit this vulnerability to inject arbitrary JavaScript into a user's web browser...

PT-2024-29564 · Ibm · Ibm Concert

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.1 Description: The issue allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosur...

Pimcore 跨站脚本漏洞

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exist...

webkitgtk: arbitrary javascript code execution

A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution...

CVE-2024-50601

Persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixe...

CVE-2024-11021

CVE-2024-11021 relates to a Stored Cross-site Scripting vulnerability in Webopac from Grand Vice info. The issue allows remote attackers with regular privileges to inject arbitrary JavaScript into the server, which is executed in users’ browsers when visiting the affected page. Connected sources ...

CVE-2024-11019

Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...