Self XSS when sending HTML as a comment in the Deck app
Splunk Security Breach
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze machine-generated data, including data generated by all IT systems and infrastructure, whether physical, virtual or cloud. A...
Vulnerabilities fixed in Zimbra
Zimbra has fixed vulnerabilities in Zimbra Collaboration. A malicious party can exploit the vulnerabilities to launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or to access to sensitive data in the context of the victim's...
Vulnerability fixed in FortiOS
Fortinet has fixed a vulnerability in FortiOS and FortiProxy. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the victim's browser. Because the vulnerability is located in the guest-managemen...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics and Dynamics Finance & Operations. A malicious person could exploit them to launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or to access to sensitive data in the context of the...
PT-2023-4159 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021. Description: An issue was discovered in the download functionality, allowing an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacke...
Vulnerabilities fixed in IBM Cognos
IBM has fixed vulnerabilities in Cognos Analytics. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or to access to sensitiv...
CVE-2023-37272 XSS vulnerability in JOC Cockpit branch 1.13
JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed by the browser. Risk of the vulnerability is considered high for branch 1....
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service, to gain access to system data, or to execute arbitrary code in the context of the browser of the victim. To do this, the malicious party must trick the victim into openin...
Vulnerability fixed in Cisco Prime Infrastructure
Cisco has fixed a vulnerability in the web-based management interface of Prime Infrastructure. An unauthenticated malicious person with access to the management environment can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution...
CVE-2022-29618
Due to insufficient input validation, SAP NetWeaver Development Infrastructure Design Time Repository - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or...
GHSA-4RRC-5VP6-M3F6 MantisBT XSS issue on the view_all_bug_page.php
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue if CSP...
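The MantisBT entry above describes the classic stored-XSS pattern: a value saved in a text field is written back into a page without escaping, and only a Content Security Policy stands between the injected markup and script execution. The following is an added illustration of that pattern, not MantisBT code: the row template, field names, payloads and CSP policy are all constructed for the demo. It renders a stored value three ways (verbatim, with only `<`/`>` escaped, and with full HTML escaping), audits the result with Python's HTML parser for tags and event-handler attributes the template did not emit, and checks whether a given CSP string would block inline handlers as the secondary control.

```python
"""
Stored XSS through an unescaped text field, shown beside the escaped rendering.

Added example for the MantisBT entry above (improper escaping of a text Custom
Field on a bug view page). Not MantisBT code: template, payloads and policy are
constructed for this demonstration.
"""
import html
from html.parser import HTMLParser

# Constructed attacker input, as it might be stored in a text custom field.
# One payload targets element-text context, the other an attribute context.
PAYLOAD_TEXT = '<img src=x onerror="alert(document.cookie)">'
PAYLOAD_ATTR = '" autofocus onfocus="alert(1)'

# Hypothetical template for one custom-field row; the same stored value lands
# both as element text and inside an attribute value.
ROW_TEMPLATE = ('<tr><td class="custom-field">{value}</td>'
                '<td><input type="text" value="{value}"></td></tr>')
_TEMPLATE_TAGS = {"tr", "td", "input"}  # the only tags the template itself emits


def render_row_vulnerable(value: str) -> str:
    """Interpolates the stored value verbatim: the flaw pattern in the entry."""
    return ROW_TEMPLATE.format(value=value)


def render_row_partial(value: str) -> str:
    """Escapes only < and >: neutral in element text, still exploitable in an attribute."""
    partial = value.replace("<", "&lt;").replace(">", "&gt;")
    return ROW_TEMPLATE.format(value=partial)


def render_row_safe(value: str) -> str:
    """Escapes &, <, >, " and ' so the value is inert in both contexts used here."""
    return ROW_TEMPLATE.format(value=html.escape(value, quote=True))


class _MarkupAudit(HTMLParser):
    """Collects every start tag and every on* attribute the browser-side parser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: set[str] = set()
        self.handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))

    handle_startendtag = handle_starttag


def injected_markup(rendered: str) -> bool:
    """True if the rendered row contains a tag or event handler the template did not put there."""
    audit = _MarkupAudit()
    audit.feed(rendered)
    audit.close()
    return bool(audit.tags - _TEMPLATE_TAGS) or bool(audit.handlers)


# Secondary control the entry alludes to ("if CSP..."): a policy without
# 'unsafe-inline' refuses inline event handlers even when escaping fails.
# Assumed policy for the demo, not one shipped by any product listed here.
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; script-src 'self'; object-src 'none'")


def csp_blocks_inline_script(policy: str) -> bool:
    """True when script-src (falling back to default-src) does not allow 'unsafe-inline'."""
    directives = {}
    for part in policy.split(";"):
        part = part.strip()
        if part:
            name, _, rest = part.partition(" ")
            directives[name.lower()] = rest.split()
    sources = directives.get("script-src", directives.get("default-src", []))
    return bool(sources) and "'unsafe-inline'" not in sources


if __name__ == "__main__":
    renderers = [("vulnerable", render_row_vulnerable),
                 ("partial", render_row_partial),
                 ("safe", render_row_safe)]
    for label, render in renderers:
        for payload in (PAYLOAD_TEXT, PAYLOAD_ATTR):
            out = render(payload)
            print(f"{label:10s} injected={injected_markup(out)!s:5s} {out}")
    print("CSP blocks inline handlers:", csp_blocks_inline_script(CSP_HEADER[1]))
```

The "partial" renderer is the instructive case: stripping angle brackets makes the text-context payload inert, yet the attribute-context payload still closes the `value` attribute and adds an `onfocus` handler, which is why output encoding has to match the context the value lands in rather than a single blacklist of characters. The CSP check is deliberately a second line of defence; it does nothing about injected HTML itself, only about the inline script that HTML would run.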
CVE-2021-27416
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of...
CVE-2022-0473
OTRS administrators can configure a dynamic field and inject malicious JavaScript code into the error message of the regular expression check. When used in the agent interface, the malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions...
CVE-2021-41318
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser...
CVE-2021-41318
CVE-2021-41318 concerns Progress WhatsUp Gold, affected up to versions before 21.1.0. The issue is a failure to adequately sanitize input at an application endpoint, enabling an unauthenticated attacker to execute arbitrary code in a victim’s browser (stored XSS-type risk). The vulnerability is t...
Progress Software Corporation Progress WhatsUp Gold Cross-Site Scripting Vulnerability
Progress Software Corporation Progress WhatsUp Gold is a network monitoring software from Progress Software Corporation, USA. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. Progress WhatsUp Gold suffers from a cross-site...
CVE-2021-33675
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code in the victim's browser...
CVE-2021-33673
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs and persists them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code ...
Vulnerabilities fixed in MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code in the victim's browser. To do so, the malicious party must induce the victim to follow a rogue hyperlink. CIRCL has released updates to fix...