29 matches found
EUVD-2024-32903
Malicious code in bioql PyPI...
Internet Bug Bounty: [CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
A DOM-based cross-site scripting vulnerability was discovered in rails-ujs, affecting versions 5.1.0 and above. By pasting malicious HTML content with specific attributes into a contenteditable element, an attacker could execute arbitrary JavaScript on the affected origin. The vulnerability has...
Cross site scripting
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
CVE-2018-17883
An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...
CVE-2020-36692
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA...
Cross site scripting
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA...
CVE-2023-27293
Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious JavaScript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cooki...
CVE-2022-1802
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...
Dolibarr ERP and CRM contain XSS Vulnerability
Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code. The maintainers state that the issue is fixed in version 7.0.0...
CVE-2021-40492
The CVE-2021-40492 entry refers to a reflected XSS in Gibbon, version 22. Affected software: Gibbon application (version 22). Vulnerable component: multiple index.php pages that reflect user-controlled input. Root cause: improper sanitization/escaping leading to arbitrary JavaScript execution. Ex...
CVE-2020-1766
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as an inline jpg file. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior...
Cross site scripting
Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting XSS vulnerability in Sanitization of custom class names used on blocks and layouts that can result in Execution of JavaScript from an unexpected source. This attack appears to be exploitable via: A user must be directed to an...
CVE-2017-1000509
Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code...
Cross site scripting
Canvs Canvas version 3.4.2 contains a Cross Site Scripting XSS vulnerability in User's details that can result in denial of service and execution of javascript code...
CVE-2017-1000510
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting XSS vulnerability in Page name that can result in execution of javascript code...
Cross site scripting
Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code...
CVE-2017-1000507
Canvs Canvas version 3.4.2 contains a Cross Site Scripting XSS vulnerability in User's details that can result in denial of service and execution of javascript code...
Cross site scripting
Mautic version 2.11.0 and earlier contains a Cross Site Scripting XSS vulnerability in Company's name that can result in denial of service and execution of javascript code...