
1007 matches found

Vulnrichment
added 2024/07/25 7:53 p.m. | 13 views

CVE-2024-6558 HMS Industrial Networks Anybus-CompactCom 30 Cross-site Scripting

HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to an XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by hos...

CVSS: 6.3 | AI score: 5.9 | EPSS: 0.00641
Exploits: 0 | References: 2
CVE
added 2024/07/25 7:53 p.m. | 46 views

CVE-2024-6558

CVE-2024-6558 covers a cross-site scripting (XSS) vulnerability in HMS Industrial Networks’ Anybus-CompactCom 30 products with web server functionality. The root cause is improper input sanitization, allowing attacker-supplied HTML/JavaScript to be stored and later rendered in the host browser. A...

CVSS: 6.3 | AI score: 6.1 | EPSS: 0.00641
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2024/07/12 12:0 a.m. | 8 views

NetBox Cross-Site Scripting Vulnerability (CNVD-2024-37586)

NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00398
Exploits: 1 | References: 1
CNVD
added 2024/07/12 12:0 a.m. | 6 views

NetBox Cross-Site Scripting Vulnerability (CNVD-2024-37583)

NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00308
Exploits: 1 | References: 1
Vulnrichment
added 2024/06/12 3:56 p.m. | 10 views

CVE-2024-1891 Stored Cross Site Scripting

A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page...

CVSS: 3.5 | AI score: 6.1 | EPSS: 0.00214
Exploits: 0 | References: 1
The Hacker News
added 2024/06/12 8:47 a.m. | 24 views

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional...

AI score: 7
Exploits: 0
GithubExploit
added 2024/05/21 6:35 p.m. | 424 views

Exploit for CVE-2024-11318

CVE-2024-11318 IDOR - AbsysNet 2.3.1 User Hijacking --- DI...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.26682
Exploits: 1
CNVD
added 2024/05/13 12:0 a.m. | 6 views

IBM App Connect Enterprise HTML Injection Vulnerability

IBM App Connect Enterprise combines the existing industry-trusted technology of IBM Integration Bus with IBM App Connect Professional and cloud technology. It provides a platform that supports the comprehensive integration needs of the modern digital enterprise. IBM App Connect Enterprise suffers...

CVSS: 5.4 | AI score: 6.9 | EPSS: 0.00172
Exploits: 0 | References: 1
NVD
added 2024/05/07 5:15 p.m. | 9 views

CVE-2024-33859

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.00514
Exploits: 0 | References: 2
Vulnrichment
added 2024/05/07 12:0 a.m. | 15 views

CVE-2024-33859

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS...

AI score: 6.9 | EPSS: 0.00514
Exploits: 0 | References: 2
CVE
added 2024/05/07 12:0 a.m. | 54 views

CVE-2024-33859

Summary: CVE-2024-33859 affects Logpoint versions prior to 7.4.0. The vulnerability arises from HTML code in logs not being escaped in the “Interesting Field” Web UI, enabling cross‑site scripting (XSS). Affected software: Logpoint before 7.4.0. Root cause: insufficient escaping in the Interestin...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00514
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/03/25 6:52 p.m. | 60 views

CVE-2024-28108

phpMyFAQ (PHP 8.1+, with MySQL/PostgreSQL and other DBs) has a stored HTML injection vulnerability in the contentLink parameter that can be exploited by unauthenticated users to inject HTML into pages. The issue is tied to insufficient validation and is aggravated when guest users can add FAQs wi...

CVSS: 6.1 | AI score: 4.7 | EPSS: 0.00481
Exploits: 1 | References: 2 | Affected Software: 1
Github Security Blog
added 2024/03/19 6:30 a.m. | 46 views

Cross-site Scripting in livewire/livewire

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00163
Exploits: 1 | References: 6 | Affected Software: 1
Vulnrichment
added 2024/03/19 5:0 a.m. | 17 views

CVE-2024-21504

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00163
Exploits: 1 | References: 4
OSV
added 2024/03/06 11:17 a.m. | 13 views

BIT-GITLAB-2021-39946

Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis...

CVSS: 8.7 | AI score: 6.3 | EPSS: 0.00185
Exploits: 0 | References: 4
OSV
added 2024/03/06 10:58 a.m. | 16 views

BIT-NEOS-2022-30429

Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00502
Exploits: 1 | References: 2
NVD
added 2024/03/05 3:15 a.m. | 13 views

CVE-2024-21838

Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.0032
Exploits: 0 | References: 1
Cvelist
added 2024/03/05 3:11 a.m. | 18 views

CVE-2024-21838

Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...

CVSS: 6.8 | AI score: 7 | EPSS: 0.0032
Exploits: 0 | References: 1
Vulnrichment
added 2024/03/05 3:11 a.m. | 14 views

CVE-2024-21838

Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.0032
Exploits: 0 | References: 1
CVE
added 2024/03/05 3:11 a.m. | 87 views

CVE-2024-21838

CVE-2024-21838: Improper neutralization of special elements (CWE-74) in Gallagher Command Centre’s email generation feature could allow HTML code injection in emitted emails. Affected: Gallagher Command Centre versions 9.00 before vEL9.00.1774 (MR2), 8.90 before vEL8.90.1751 (MR3), 8.80 before vE...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.0032
Exploits: 0 | References: 1 | Affected Software: 1