Adobe Acrobat Reader use-after-free vulnerability (CNVD-2023-71756)
Adobe Acrobat Reader is a PDF viewer from the American company Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader has a use-after-free vulnerability that an attacker can exploit to execute arbitrary code in the context of the current...
CVE-2023-32782
A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerabili...
Cross-Site Scripting (XSS)
GitLab is vulnerable to Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to a flaw in the way GitLab handles issue descriptions. An attacker can exploit it to inject malicious code into an issue description, which is then executed by other users when they...
Cross site scripting
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the...
CVE-2022-43703
An installer that loads or executes files using an unconstrained search path may allow attacker-controlled substitute files to be loaded or executed instead of the intended files...
Malicious code in @ms-atlas/datastudio-diagnostics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a3f339799f51093d5209c8cdce0977b24869016867c813f0abcfc5143e81f921 The OpenSSF Package Analysis project identified '@ms-atlas/datastudio-diagnostics' @ 0.2.10 npm as malicious. It is considered malicious because...
CVE-2022-28865
An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...
WP Brutal AI < 2.06 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC In the plugin settings, for a...
Stored XSS in title
Description There is Stored XSS in the item title of the menu on the administrator screen. Proof of Concept Step 1. Log in to the admin screen and select Add New Item in Menu. Step 2. Specify the following Payload for the item title and save it. Step 3. Once saved, any script can be executed on t...
MAL-2023-1101 Malicious code in @recordedfuture/rf-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aac1388d71025ac7f2f7dea84dd37f82d5d7392e8714f56bfaa66803982bb1c3 The OpenSSF Package Analysis project identified '@recordedfuture/rf-native' @ 2.0.0 npm as malicious. It is considered malicious because: - The...
CVE-2023-35166
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
Malicious code in tempomati-omega-69-emcuf7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a012c605870034511688f664880e997bc8423cd7707f3de28326adc144f4fb4a The OpenSSF Package Analysis project identified 'tempomati-omega-69-emcuf7' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in gtf-error-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c82adcb211353de0790c397f626068e2d5397effcfd904dcfeafd92cb450f2f1 The OpenSSF Package Analysis project identified 'gtf-error-tracker' @ 99.9.8 npm as malicious. It is considered malicious because: - The package...
Malicious code in sheer-chat-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d839a0fb67fa059c99a601275ac672b165b73e3ebfc3c2fcf03cece841f6ecf2 The OpenSSF Package Analysis project identified 'sheer-chat-client' @ 99.9.8 npm as malicious. It is considered malicious because: - The package...
Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings
The plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. In the "Enter the URL:" field, add the XSS payloa...
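The two WordPress entries above (WP Brutal AI and Pretty Url) describe the same defect: a settings value written by a high-privilege user is stored without sanitization and printed without escaping, so the admin-only page becomes a stored XSS sink regardless of whether unfiltered_html is granted. The following is an added example, not code from either plugin or from WPScan: a hypothetical settings field (option name `example_target_url`, functions prefixed `example_`) shown first in the vulnerable form and then hardened with a `sanitize_callback` on save and `esc_attr()` on output.

```php
<?php
// Added example (not either plugin's code). Hypothetical option name and
// function names; the WordPress APIs used (register_setting, update_option,
// get_option, esc_url_raw, esc_attr, current_user_can) are real.

// --- Vulnerable: raw input stored, raw value echoed -------------------------
function example_save_url_vulnerable() {
    // No capability check, no nonce, no sanitization: whatever the admin
    // posts is persisted verbatim.
    update_option( 'example_target_url', $_POST['example_target_url'] );
}

function example_render_url_vulnerable() {
    $url = get_option( 'example_target_url', '' );
    // A stored value such as  "><script>alert(1)</script>  closes the
    // attribute and runs for every user who opens this settings page.
    echo '<input type="text" name="example_target_url" value="' . $url . '">';
}

// --- Hardened: sanitize on save, escape on output ---------------------------
function example_register_settings() {
    register_setting(
        'example_options',          // option group (hypothetical)
        'example_target_url',       // option name  (hypothetical)
        array(
            'type'              => 'string',
            // esc_url_raw() keeps only URLs with an allowed scheme
            // (http, https, ftp, mailto, ...); a javascript: value or a
            // string of HTML is reduced to something safe to store.
            'sanitize_callback' => 'esc_url_raw',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'example_register_settings' );

function example_render_url_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $url = get_option( 'example_target_url', '' );
    // esc_attr() encodes quotes and angle brackets, so even a value the
    // sanitizer let through cannot terminate the attribute or inject a tag.
    echo '<input type="text" name="example_target_url" value="' . esc_attr( $url ) . '">';
}
```

Sanitizing on save and escaping on output are independent controls; the second is what closes the hole the advisories describe, because it does not rely on the unfiltered_html capability or on the trustworthiness of the account that saved the value.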
K04524282: XSS vulnerability in undisclosed TMUI page CVE-2018-15314
Security Advisory Description A reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2018-15314 Impact BIG-IP A remote unauthenticated...
CVE-2022-48338
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called throug...
CVE-2023-24989
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...
Stored DOM-based Cross-site Scripting in Tags Functionality
Description A stored, DOM-based cross-site scripting vulnerability exists in Answer version 1.0.4 within the question tagging functionality. Steps Step 1. Log in. Step 2. Proceed to create a new question. Populate the Title and Body inputs. Step 3. Click on the Add tag button, shown in the followi...
Design/Logic Flaw
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...