1606 matches found

CNNVD
added 2024/10/04 12:0 a.m. · 4 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS that stems from...

CVSS 4.8 · AI score 6.3 · EPSS 0.00266
Exploits 0 · References 3
Cvelist
added 2024/09/26 8:5 a.m. · 39 views

CVE-2024-47003 DoS via non-string message using permalink embed

Mattermost versions 9.11.x = 9.11.0 and 9.5.x = 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...

CVSS 3.1 · EPSS 0.00581
Exploits 0 · References 1
OSV
added 2024/09/25 6:13 p.m. · 2 views

GHSA-RGG8-G5X8-WR9V Cross-site scripting (XSS) in the clipboard package

Impact: During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious...

CVSS 7.2 · AI score 7 · EPSS 0.00489
Exploits 0 · References 4
NVD
added 2024/09/25 2:15 p.m. · 18 views

CVE-2024-45613

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...

CVSS 6.1 · EPSS 0.00489
Exploits 0 · References 2
OSV
added 2024/09/25 1:27 p.m. · 12 views

CVE-2024-45613 CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...

CVSS 5.1 · AI score 6.2 · EPSS 0.00489
Exploits 0 · References 4
OSV
added 2024/09/25 3:30 a.m. · 10 views

GHSA-M5P9-XVXJ-64C8 Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting

Flowise 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed 2.0.0...

CVSS 9.6 · AI score 7.2 · EPSS 0.00575
Exploits 1 · References 7
Github Security Blog
added 2024/09/25 3:30 a.m. · 16 views

Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting

Flowise 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed 2.0.0...

CVSS 9.6 · AI score 6.3 · EPSS 0.00575
Exploits 1 · References 7 · Affected Software 2
NVD
added 2024/09/25 1:15 a.m. · 23 views

CVE-2024-9148

Flowise 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed 2.0.0...

CVSS 9.6 · EPSS 0.00575
Exploits 1 · References 1
OSV
added 2024/09/25 1:15 a.m. · 14 views

CVE-2024-9148

Flowise 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed 2.0.0...

CVSS 6.1 · AI score 6.3
Exploits 0 · References 1
Positive Technologies
added 2024/09/25 12:0 a.m. · 5 views

PT-2024-31709 · Unknown · Ckeditor 5

Name of the Vulnerable Software and Affected Versions: CKEditor 5 versions 40.0.0 through 43.1.1. Description: A Cross-Site Scripting (XSS) issue is present in the CKEditor 5 clipboard package, which could be triggered by a specific user action, leading to unauthorized JavaScript code execution if a...

CVSS 6.4 · AI score 7.1 · EPSS 0.00489
Exploits 0 · References 20
CVE
added 2024/09/24 1:13 p.m. · 60 views

CVE-2024-9148

Summary: CVE-2024-9148 affects Flowise before 2.1.1 and Flowise Chat Embed before 2.0.0. It is a stored Cross-Site Scripting vulnerability caused by insufficient input sanitization. Authors/maintainers indicate fixes via version updates. Impact details in connected documents cite stored XSS with ...

CVSS 9.6 · AI score 7.3 · EPSS 0.00575
Exploits 1 · References 1 · Affected Software 2
Cvelist
added 2024/09/24 1:13 p.m. · 23 views

CVE-2024-9148 Flowise Stored Cross-Site Scripting

Flowise 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed 2.0.0...

CVSS 9.6 · EPSS 0.00575
Exploits 1 · References 1
Positive Technologies
added 2024/09/24 12:0 a.m. · 4 views

PT-2024-39457 · Flowise +1 · Flowise +1

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 2.1.1; Flowise Chat Embed versions prior to 2.0.0. Description: The issue is related to a Stored Cross-Site vulnerability due to a lack of input sanitization. Recommendations: For Flowise versions prior to 2.1.1, updat...

CVSS 9.6 · AI score 6.8 · EPSS 0.00575
Exploits 1 · References 13
OSV
added 2024/09/06 2:15 p.m. · 5 views

CVE-2024-7599

The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermonvideoembed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.4 · AI score 5.9 · EPSS 0.00298
Exploits 0 · References 5
CNNVD
added 2024/09/06 12:0 a.m. · 5 views

WordPress plugin Advanced Sermons Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

CVSS 6.4 · AI score 6 · EPSS 0.00298
Exploits 0 · References 6
OSV
added 2024/09/04 4:15 p.m. · 4 views

DRUPAL-CONTRIB-2024-037

Open Social is a Drupal distribution for online communities, which ships with an optional module called Social Embed. This module allows a website to display embedded content such as photos or videos when a user posts a link to that resource, without having to parse the resource directly. Added...

CVSS 5.4 · AI score 6.4 · EPSS 0.0021
Exploits 0 · References 1
Drupal
added 2024/09/04 12:0 a.m. · 8 views

Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037

Open Social is a Drupal distribution for online communities, which ships with an optional module called Social Embed. This module allows a website to display embedded content such as photos or videos when a user posts a link to that resource, without having to parse the resource directly. Added...

CVSS 5.4 · AI score 6.9 · EPSS 0.0021
Exploits 0 · References 7
Patchstack
added 2024/08/06 7:18 a.m. · 2 views

WordPress WooCommerce Multiple Customer Addresses & Shipping plugin < 24.9 - Vulnerable ACF Pro plugin Embed vulnerability

Vulnerable ACF Pro plugin Embed vulnerability discovered by ? in WordPress Plugin WooCommerce Multiple Customer Addresses & Shipping versions 24.9...

AI score 7
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/07/22 10:15 a.m. · 6 views

CVE-2024-37221

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS. This issue affects Kimili Flash Embed: from n/a through 2.5.3...

CVSS 5.4 · AI score 5.8 · EPSS 0.0024
Exploits 0 · References 1
NVD
added 2024/07/22 10:15 a.m. · 22 views

CVE-2024-37221

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS. This issue affects Kimili Flash Embed: from n/a through 2.5.3...

CVSS 6.5 · EPSS 0.0024
Exploits 0 · References 1