
3301 matches found

Positive Technologies
added 2024/02/06 12:0 a.m. · 3 views

PT-2024-13056 · Westermo · Lynx +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the username parameter in the SNMP configuration...

5.4 CVSS · 5.2 AI score · 0.00294 EPSS
Exploits 0 · References 5
Prion
added 2024/02/05 6:15 p.m. · 29 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user's browser session...

5.8 CVSS · 6.7 AI score · 0.00368 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/02/03 12:0 a.m. · 3 views

PT-2024-14024 · Ibm · Ibm Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 22.0.2 through 23.0.2 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure withi...

5.4 CVSS · 5.5 AI score · 0.00414 EPSS
Exploits 0 · References 8
Cvelist
added 2024/02/02 3:8 a.m. · 25 views

CVE-2022-40744 IBM Aspera Faspex cross-site scripting

IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441...

4.8 CVSS · 5.3 AI score · 0.00319 EPSS
Exploits 0 · References 2
Veracode
added 2024/01/31 7:1 a.m. · 22 views

Cross Site Scripting (XSS)

superbig/craft-audit is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization of titles within the application. An attacker can inject arbitrary JavaScript via a title to perform an XSS attack...

5.4 CVSS · 5.6 AI score · 0.0038 EPSS
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2024/01/24 7:4 a.m. · 10 views

Cross Site Scripting (XSS)

labelstudio is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper image sanitization during upload, which allows an authenticated user to upload a crafted image file for their avatar which gets rendered as an HTML file. This allows an attacker to execute arbitrary JavaScrip...

7.1 CVSS · 6.8 AI score · 0.01448 EPSS
Exploits 1 · References 5 · Affected Software 1
Prion
added 2024/01/23 11:15 p.m. · 31 views

Cross site scripting

Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...

4.9 CVSS · 5.6 AI score · 0.01448 EPSS
Exploits 1 · References 5 · Affected Software 1
Prion
added 2024/01/23 10:15 a.m. · 14 views

Input validation

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote...

6.5 CVSS · 7.5 AI score · 0.0069 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2024/01/23 12:0 a.m. · 4 views

Osimis WebViewer Cross-Site Scripting Vulnerability

Osimis WebViewer is an AI solution from Osimis. Osimis WebViewer suffers from a security vulnerability that originates from allowing an attacker to execute arbitrary JavaScript code in a victim's browser...

7.1 CVSS · 7.3 AI score · 0.00308 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/01/23 12:0 a.m. · 5 views

PT-2024-15244 · Osimis · Osimis Webviewer

Name of the Vulnerable Software and Affected Versions: Osimis WebViewer affected versions not specified Description: An XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer, the issue gets triggered. If exploited, the attacker wi...

7.1 CVSS · 6.2 AI score · 0.00308 EPSS
Exploits 0 · References 3
OSV
added 2024/01/19 9:30 p.m. · 11 views

GHSA-WC6F-QJXC-622V Duplicate Advisory: JavaScript execution via malicious molfiles (XSS)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2pwh-52h7-7j84. This link is maintained to preserve external references. Original Description MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript...

6.1 CVSS · 5.5 AI score · 0.00566 EPSS
Exploits 0 · References 5
Github Security Blog
added 2024/01/19 9:30 p.m. · 30 views

Duplicate Advisory: JavaScript execution via malicious molfiles (XSS)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2pwh-52h7-7j84. This link is maintained to preserve external references. Original Description MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript...

6.1 CVSS · 5.4 AI score · 0.00566 EPSS
Exploits 0 · References 5 · Affected Software 1
NVD
added 2024/01/19 9:15 p.m. · 9 views

CVE-2024-0758

MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...

6.1 CVSS · 6.2 AI score · 0.00566 EPSS
Exploits 0 · References 3
Prion
added 2024/01/19 9:15 p.m. · 15 views

Cross site scripting

MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...

5.8 CVSS · 6.9 AI score · 0.00566 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2024/01/19 8:19 p.m. · 49 views

CVE-2024-0758

MolecularFaces before 0.3.0 is vulnerable to Cross-Site Scripting (XSS). A remote attacker can inject arbitrary JavaScript into a victim’s browser by crafting malicious molfiles, leveraging improper handling of user input in the viewer component. Affected version range is prior to 0.3.0; exploit ...

6.1 CVSS · 5.9 AI score · 0.00566 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2024/01/17 9:15 p.m. · 16 views

CVE-2024-22414

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: comment2|safe. Use of the "safe" tag...

6.5 CVSS · 6.9 AI score · 0.00409 EPSS
Exploits 1 · References 1
Veracode
added 2024/01/17 7:47 a.m. · 13 views

Cross Site Scripting (XSS)

avo is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization of the keyvalue parameters within keyvaluecontroller.js. An attacker can inject arbitrary JavaScript into the victim's browser...

7.3 CVSS · 6.5 AI score · 0.00745 EPSS
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2024/01/17 12:0 a.m. · 4 views

PT-2024-19405 · Flaskblog · Flaskblog

Name of the Vulnerable Software and Affected Versions: flaskBlog affected versions not specified Description: The issue is related to improper storage and rendering of user comments on the /user/ page, allowing arbitrary javascript code execution. This is due to the use of the |safe tag in the...

6.5 CVSS · 5.5 AI score · 0.00409 EPSS
Exploits 1 · References 5
NVD
added 2024/01/16 4:15 p.m. · 10 views

CVE-2022-3194

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators...

5.4 CVSS · 5.2 AI score · 0.00491 EPSS
Exploits 2 · References 1
NVD
added 2024/01/13 4:15 a.m. · 18 views

CVE-2023-51067

An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary JavaScript on a victim's browser via a crafted link...

6.1 CVSS · 6 AI score · 0.00409 EPSS
Exploits 1 · References 1