CVE-2024-51111
Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser...
CVE-2024-49550 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Cross-site Scripting (XSS)
sylius/sylius is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of uploaded SVG files, allowing attackers to inject malicious scripts that execute in the user's browser context...
CVE-2024-8149
There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party could exploit the vulnerabilities to bypass security measures in the victim's context and potentially execute arbitrary code or access sensitive data in the browser context. Mozilla has released updates to fix the...
CVE-2024-46475
A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2023-6452
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security Transaction Viewer allows Stored XSS. The Forcepoint Web Security portal allows administrators to generate detailed reports on user requests made through the Web proxy. It h...
CVE-2024-43006
A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/askedit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. Whe...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser...
CVE-2024-36997
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a...
CVE-2024-36997 Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a...
CVE-2024-39307 Cross-Site Scripting (XSS) vulnerability via crafted ebooks in Kavita
Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1...
Cross-Site Scripting (XSS)
magento/community-edition is vulnerable to a stored Cross-site scripting (XSS) vulnerability. The vulnerability is due to insufficient input sanitization, allowing an authenticated user to inject malicious JavaScript into the name of the main website, which can then execute in the context of other...
CVE-2024-36211
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2024-26111 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...
CVE-2024-26115 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...
Ionity GmbH: HTML injection in swagger UI
A vulnerability was discovered in the Swagger UI that allowed for HTML injection. This vulnerability existed because the application failed to properly sanitize user-supplied input before rendering it in the HTML context. An attacker could have exploited this issue to execute arbitrary scripts in...
CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
CVE-2024-32657
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...