318 matches found

CNNVD
added 2026/05/16 12:0 a.m. | 7 views

Ocproducts Composr CMS Cross-Site Scripting Vulnerability

Ocproducts Composr CMS is an open-source content management system (CMS) developed by the British company Ocproducts and written in PHP. Ocproducts Composr CMS version 10.0.34 has a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site script in the banner...

CVSS 6.4 | AI score 5.6 | EPSS 0.00034
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/17 12:0 a.m. | 3 views

PT-2025-51957

Name of the Vulnerable Software and Affected Versions: PodcastGenerator version 3.2.9. Description: The software contains a stored cross-site scripting issue in the Freebox content field. This field is accessible through the theme customization interface, specifically the 'theme freebox.php'...

CVSS 5.4 | AI score 6.4 | EPSS 0.00024
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-6336

Malware in sbrugna...

CVSS 4.8 | AI score 5.1 | EPSS 0.00235
Exploits: 0 | References: 2

Github Security Blog
added 2024/11/05 12:31 a.m. | 21 views

LocalAI Cross-site Scripting vulnerability

localai =2.20.1 is vulnerable to Cross Site Scripting XSS. When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage...

CVSS 6.1 | AI score 6.3 | EPSS 0.00116
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2024/11/04 11:15 p.m. | 14 views

CVE-2024-48057

localai =2.20.1 is vulnerable to Cross Site Scripting XSS. When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage...

CVSS 6.1 | EPSS 0.00116
Exploits: 1 | References: 2

CVE
added 2024/11/04 12:0 a.m. | 106 views

CVE-2024-48057

CVE-2024-48057 affects LocalAI (version

CVSS 6.1 | AI score 6.2 | EPSS 0.00116
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/11/04 12:0 a.m. | 9 views

CVE-2024-48057

localai =2.20.1 is vulnerable to Cross Site Scripting XSS. When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage...

AI score 6.6 | EPSS 0.00116
Exploits: 1 | References: 2

NVD
added 2024/08/23 4:15 p.m. | 17 views

CVE-2024-42364

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is set up without certificate and authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will...

CVSS 6.5 | EPSS 0.00132
Exploits: 0 | References: 1

Cvelist
added 2024/08/23 3:44 p.m. | 29 views

CVE-2024-42364 homepage DNS rebinding vulnerability (GHSL-2024-096)

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is set up without certificate and authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will...

CVSS 6.5 | EPSS 0.00132
Exploits: 0 | References: 1

CVE
added 2024/08/23 3:44 p.m. | 90 views

CVE-2024-42364

CVE-2024-42364 – DNS rebinding vulnerability in Homepage 0.9.1. The default, unauthenticated setup of Homepage (0.9.1) can be abused via DNS rebinding to route requests to the internal IP of the Homepage instance, allowing an attacker-controlled site to access sensitive data (e.g., API keys) due ...

CVSS 6.5 | AI score 6.6 | EPSS 0.00132
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/08/23 3:44 p.m. | 12 views

CVE-2024-42364 homepage DNS rebinding vulnerability (GHSL-2024-096)

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is set up without certificate and authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will...

CVSS 6.5 | AI score 6.9 | EPSS 0.00132
Exploits: 0 | References: 1

OSV
added 2024/08/20 2:15 p.m. | 9 views

CVE-2024-39094

Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...

CVSS 5.4 | AI score 6
Exploits: 0 | References: 3

Cvelist
added 2024/08/20 12:0 a.m. | 18 views

CVE-2024-39094

Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...

EPSS 0.00355
Exploits: 1 | References: 3

CVE
added 2024/08/20 12:0 a.m. | 52 views

CVE-2024-39094

Friendica 2024.03 is affected by a Cross‑Site Scripting (XSS) vulnerability in the settings/profile area accessible via the homepage, xmpp, and matrix parameters. The issue targets the settings/profile component and is exploited through crafted input in those parameters, with details indicating u...

CVSS 5.4 | AI score 5.8 | EPSS 0.00355
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2024/08/20 12:0 a.m. | 8 views

CVE-2024-39094

Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...

AI score 6 | EPSS 0.00355
Exploits: 1 | References: 3

CNNVD
added 2024/08/20 12:0 a.m. | 3 views

Friendica Security Vulnerability

Friendica is an application of the German Friendica community. It provides decentralized social networking. A security vulnerability exists in Friendica version 2024.03, which stems from susceptibility to cross-site scripting attacks in settings/configuration files via homepage, xmpp and matrix...

CVSS 5.4 | AI score 6.1 | EPSS 0.00355
Exploits: 1 | References: 4

Github Security Blog
added 2024/05/30 8:35 p.m. | 14 views

TYPO3 possible cache poisoning on the homepage when anchors are used

A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option config.prefixLocalAnchors is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can...

AI score 7.1
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/05/30 8:35 p.m. | 11 views

GHSA-P84G-J2GH-83G3 TYPO3 possible cache poisoning on the homepage when anchors are used

A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option config.prefixLocalAnchors is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can...

AI score 7.1
Exploits: 0 | References: 3

0day.today
added 2024/05/28 12:0 a.m. | 419 views

Debezium UI 2.5 Credential Disclosure Vulnerability

Exploit Title: Debezium UI - Credential Leakage
Exploit Author: Ihsan Cetin, Hamza Kaya Toprak
Vendor Homepage: https://debezium.io/
Software Link: N/A
Version: 2.5 REQUIRED
Tested on: N/A
CVE : CVE-2024-28736
Proof of concept:
Details
Debezium-ui version 2.5 is vulnerable to a password exposure...

CVSS 7.1 | AI score 7.4 | EPSS 0.01285
Exploits: 2

Vulnrichment
added 2024/05/02 4:52 p.m. | 11 views

CVE-2024-4034 Virtue <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author

The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for...

CVSS 6.4 | AI score 6.1 | EPSS 0.00227
Exploits: 0 | References: 3