
130 matches found

AlmaLinux
added 2024/07/23 12:0 a.m., 15 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

CVSS 6.5, AI score 7.4, EPSS 0.02355
Exploits: 0, References: 4
Tenable Nessus
added 2024/07/04 12:0 a.m., 16 views

AlmaLinux 8 : libreoffice (ALSA-2024:4242)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4242 advisory. libreoffice: create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic CVE-2024-3044 Tenable has extracted the...

CVSS 6.5, AI score 6.8, EPSS 0.02355
Exploits: 0, References: 2
OSV
added 2024/05/14 9:15 p.m., 6 views

CVE-2024-3044

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

CVSS 6.5, AI score 6.7, EPSS 0.02355
Exploits: 0, References: 3
CNVD
added 2023/12/15 12:0 a.m., 5 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-10147810)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 7.2, EPSS 0.00253
Exploits: 0, References: 1
Cvelist
added 2023/11/03 6:9 a.m., 16 views

CVE-2023-41357 Galaxy Software Services Vitals ESP - Arbitrary File Upload

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...

CVSS 8.8, AI score 9, EPSS 0.00293
Exploits: 0, References: 1
CNNVD
added 2023/09/30 12:0 a.m., 1 views

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. osCommerce suffers from a cross-site scripting (XSS) vulnerability that allows an attacker to execute unauthorized scripts in a user's...

CVSS 5.4, AI score 5.9, EPSS 0.00117
Exploits: 1, References: 3
CNNVD
added 2023/09/30 12:0 a.m., 1 views

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. osCommerce suffers from a cross-site scripting (XSS) vulnerability that allows an attacker to execute unauthorized scripts in a user's...

CVSS 5.4, AI score 5.9, EPSS 0.00105
Exploits: 1, References: 3
OSV
added 2023/09/08 7:51 p.m., 11 views

CVE-2023-41318 Unsafe media served inline on download endpoints in matrix-media-repo

matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could b...

CVSS 4.1, AI score 5.6, EPSS 0.00623
Exploits: 0, References: 6
CNNVD
added 2023/08/14 12:0 a.m., 1 views

Mitel MiVoice Connect Security Breach

Mitel MiVoice Connect is Mitel Canada's software for centralized management of Mitel Networks' call processing and collaboration tools. A security vulnerability exists in Mitel MiVoice Connect version 19.3 SP2 22.24.1500.0 that originates from improper access control within the Linux DVS server...

CVSS 9.8, AI score 7.2, EPSS 0.00521
Exploits: 0, References: 3
Prion
added 2023/07/26 11:15 p.m., 16 views

Cross site scripting

HCL Verse is susceptible to a Reflected Cross Site Scripting XSS vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, ...

CVSS 5.8, AI score 6.1, EPSS 0.0014
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/07/10 6:29 a.m., 10 views

CVE-2021-42082 Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355

Local users are able to execute scripts under root privileges. POC On the local host run the following command: curl 'localhost:8154/qstor/qsupgrade.py?taskId=1&a=;whoami'...

CVSS 7.8, AI score 7.5, EPSS 0.0004
Exploits: 0, References: 4
CVE
added 2023/07/10 6:29 a.m., 32 views

CVE-2021-42082

CVE-2021-42082 affects OSNEXUS QuantaStor prior to 6.0.0.355, enabling local users to escalate to root by executing scripts (e.g., via a crafted upgrade script). Evidence from CVE records and related sources confirms the affected product/version and local-privilege escalation impact, with a PoC s...

CVSS 7.8, AI score 7.5, EPSS 0.0004
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2023/05/24 8:15 p.m., 1 views

CVE-2023-31457

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...

CVSS 9.8, AI score 7.5
Exploits: 0, References: 2
Vulnrichment
added 2023/03/10 4:13 a.m., 6 views

CVE-2021-27788 HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability

HCL Verse is susceptible to a Cross Site Scripting XSS vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other...

CVSS 8.3, AI score 7.8, EPSS 0.00468
Exploits: 0, References: 1
CNNVD
added 2023/02/28 12:0 a.m., 3 views

EC-CUBE Cross-Site Scripting Vulnerability

EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE, which stems from a cross-site scripting vulnerability that could be exploited by an attacker to execute arbitrary script on a user's web browser...

CVSS 5.4, AI score 5.7, EPSS 0.00217
Exploits: 0, References: 4
CNNVD
added 2022/12/29 12:0 a.m., 3 views

Gotify Cross-Site Scripting Vulnerability

Gotify is a simple server to send and receive messages. A cross-site scripting vulnerability exists in Gotify server versions prior to 2.2.2, which stems from an XSS vulnerability that allows an authenticated user to upload an html file, which allows an attacker to execute client-side script and...

CVSS 6.1, AI score 5.6, EPSS 0.00397
Exploits: 0, References: 4
NVD
added 2022/12/14 9:15 a.m., 9 views

CVE-2022-3073

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser...

CVSS 6.1, EPSS 0.0019
Exploits: 0, References: 1
Cvelist
added 2022/12/14 8:17 a.m., 13 views

CVE-2022-3073 Quanos Schema ST4 example templates prone to XSS

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser...

CVSS 6.1, AI score 6.7, EPSS 0.0019
Exploits: 0, References: 1
Vulnrichment
added 2022/11/21 12:0 a.m., 9 views

CVE-2022-45017

A cross-site scripting XSS vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field...

AI score 4.9, EPSS 0.00386
Exploits: 1, References: 3
Vulnrichment
added 2022/11/08 12:0 a.m., 8 views

CVE-2022-41205

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...

CVSS 5.5, AI score 6.4, EPSS 0.00161
Exploits: 0, References: 2