185 matches found
PT-2025-17738 · Hcl · Hcl Leap
Name of the Vulnerable Software and Affected Versions: HCL Leap affected versions not specified Description: The issue concerns multiple vectors in HCL Leap that allow client-side script injection in the authoring environment and deployed applications. Recommendations: At the moment, there is no...
PT-2025-17737 · Hcl · Hcl Leap
Name of the Vulnerable Software and Affected Versions: HCL Leap affected versions not specified Description: The issue is related to insufficient sanitization in HCL Leap, which allows client-side script injection in the authoring environment. Recommendations: At the moment, there is no informati...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Response Content-Type parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by manipulating the content type of responses. PoC...
Supply Chain Attack
Fides is vulnerable to Supply Chain Attack. The vulnerability is due to mishandling of client-side script dependencies and the use of a compromised third-party domain like polyfill.io. The vulnerability allows an attacker to serve malicious scripts to users of legacy browsers when they load...
CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
EUVD-2024-2328
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
CVE-2024-33007 Client-side script execution vulnerability in SAP UI5(PDFViewer)
PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript or any harmful client-side script, the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential securi...
CVE-2024-23186
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer...
CVE-2024-23187
Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please...
CVE-2024-23187
Open-Xchange App Suite (OX App Suite) is affected by CVE-2024-23187 in versions up to 8.21. The issue arises from Content-ID based embedding of resources in emails, which could be abused to trigger client-side script code when using the “show more” option. Attackers could perform malicious API re...
CVE-2024-23186
Summary: CVE-2024-23186 affects Open-Xchange Open-Xchange App Suite (see connected sources). An email contains malicious display-name information that can trigger client-side script execution on specific mobile devices, enabling attackers to perform malicious API requests or extract data from use...
CVE-2024-23186
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer...
CVE-2024-30214
CVE-2024-30214 concerns SAP Business Connector. The connected documents confirm a cross-site scripting (XSS) vulnerability where an attacker with high privileges can append a malicious GET query parameter to Service invocations that are reflected in the server response, potentially allowing clien...
CVE-2023-48255
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log...
CVE-2023-48255
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log...
CVE-2023-48254
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...
CVE-2023-48254
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...
Code injection
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log...
CVE-2023-48255
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log...
CVE-2023-48255
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log...