CVE-2024-36159

CVE-2024-36159 affects Adobe Experience Manager 6.5.20 and earlier. It describes a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, enabling an attacker to inject JavaScript that could execute in a victim’s browser when visiting the page containing the field. Mitigation:...

CVE-2024-36141

CVE-2024-36141 affects Adobe Experience Manager (AEM) 6.5.20 and earlier. The described vulnerability is a stored Cross-Site Scripting (XSS) flaw in vulnerable form fields, allowing a low-privileged attacker to inject malicious scripts that may execute in a victim’s browser when visiting the affe...

CVE-2024-36148

CVE-2024-36148 affects Adobe Experience Manager (AEM) versions 6.5.20 and earlier. The issue is a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing a low-privileged attacker to inject malicious scripts that execute in a victim’s browser when visiting the affected...

CVE-2024-36193 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36187

Adobe Experience Manager (AEM) prior to version 6.5.21 is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing attacker-injected JavaScript to run in the victim’s browser when visiting a page containing the field. Affected product/version: AEM 6.5.20 a...

CVE-2024-36209 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36172 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36176

Adobe Experience Manager 6.5.20 and earlier are affected by a stored XSS vulnerability in vulnerable form fields, enabling malicious JavaScript execution in a victim’s browser when visiting pages containing those fields. Root cause: DOM/Stored XSS in user-supplied input. Affected product: AEM 6.5...

CVE-2024-26068

Adobe Experience Manager 6.5.20 and earlier are affected by a stored XSS vulnerability in vulnerable form fields. The underlying issue allows attacker‑supplied scripts to execute in a victim’s browser when visiting a page containing the vulnerable field. Exploitation requires user interaction and...

Adobe Commerce 跨站脚本漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A cross-site scripting vulnerability exists in Adobe Commerce, which can be exploited by an attacker to inject malicious script into vulnerable form...

CVE-2024-3850

Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack XSS. An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is...

CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt

A stored Cross-Site Scripting XSS vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...

Cross-site Scripting (XSS)

ansibleguy-webui is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper handling of user input in multiple forms, allowing injection of HTML elements which are then executed by the browser after job actions...

silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage

RedirectorPage will allow users to specify a non-url malicious script as the redirection path without validation. Users which follow this url may allow this script to execute within their browser...

JVN#56781258: Splunk Config Explorer vulnerable to cross-site scripting

Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is using the product. Solution Update the software Update the software to the latest version according to...

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improperly encoding user-controlled values in file entities. This issue allows an attacker to execute arbitrary scripts in the context of the user's browser...

CVE-2024-22344

IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 280191...

CVE-2024-34091

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When...

Cross-Site Scripting

sylius/sylius is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input anitaization within the Province field in the Address Book. This allows attackers to inject malicious scripts, which can be executed in the browsers of other users who view the Province field...

CVE-2024-20759 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...