Cross-site Scripting (XSS)

Enhavo is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the Create Tag functionality, allowing attackers to inject arbitrary web scripts or HTML via a crafted payload into the Create Tag field within the New/Edit Article panel...

Enhavo Cross-site Scripting vulnerability

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

GHSA-38M8-5GFC-663G Enhavo Cross-site Scripting vulnerability

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

Cross site scripting

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

PT-2024-21178 · Unknown · Enhavo Cms

Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the New/Edit Article module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. Recommendations: F...

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

Enhavo CMS Security Vulnerability

Enhavo CMS is a content management system from Enhavo. A security vulnerability exists in Enhavo CMS version v0.13.1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the Create Tag text field...

RHEL 9 : postgresql (RHSA-2024:0951)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0951 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW...

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

ovirt: authentication bypass

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command...

LIVEBOX Collaboration vDesk Cross-Site Scripting Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A cross-site scripting vulnerability exists in LIVEBOX Collaboration vDesk v031 and earlier versions, which stems from a cross-site scripting vulnerability in the title and /dashboard/reminders parameters of the...

PT-2024-18238 · Shopwind · Shopwind

Name of the Vulnerable Software and Affected Versions: Shopwind versions up to 4.6 Description: A critical issue affects the actionCreate function of the /public/install/controllers/DefaultController.php file in the Installation component, leading to code injection. The attack can be initiated...

LIVEBOX Collaboration vDesk Security Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v031 and prior versions, which stems from a redirection via the /api/v1/notification/createnotification endpoint that allows an authenticated user to send arbitrary push...

SUSE SLES12: postgresql13 / postgresql13-contrib / postgresql13-devel / etc (SUSE-SU-2024:0541-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0541-1 advisory. Upgrade to 13.14: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY bsc1219679. Tenable has...

AZL-35810 CVE-2023-52434 affecting package kernel for versions less than 5.15.153.1-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2parsecontexts Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts. This fixes following oops when accessing invalid create contexts from server: BUG: unabl...

DEBIAN-CVE-2023-52434

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2parsecontexts Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts. This fixes following oops when accessing invalid create contexts from server: BUG: unabl...

UBUNTU-CVE-2023-52434

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2parsecontexts Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts. This fixes following oops when accessing invalid create contexts from server: BUG: unabl...

CVE-2024-25973 Multiple Stored Cross-Site Scripting Vulnerabilities

The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting XSS vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog...