25834 matches found
CVE-2024-25435
A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...
CVE-2024-25435
CVE-2024-25435 : A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter. Affected software is Md1health Md1patient (version 2.0.0). The underlying cause is improper...
Bagisto Cross-Site Request Forgery vulnerability
Cross Site Request Forgery vulnerability in Bagisto before v.1.3.2 allows an attacker to execute arbitrary code via a crafted HTML script...
CVE-2023-36237
Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script...
GHSA-H9J7-5XVC-QHG5 langchain Server-Side Request Forgery vulnerability
With the following crawler configuration:

    from bs4 import BeautifulSoup as Soup

    url = "https://example.com"
    loader = RecursiveUrlLoader(
        url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text
    )
    docs = loader.load()

An attacker in control of the contents of https://example.com could...
Out-of-Bounds Write
Chromium is vulnerable to Out-of-Bounds Write. The vulnerability is due to improper handling of memory boundaries within the Blink library, which can be exploited by malicious HTML content...
CVE-2024-0243
LangChain’s CVE-2024-0243 describes an SSRF in the RecursiveUrlLoader used by LangChain, where an attacker controlling the content at a base URL (e.g., https://example.com) can inject links that cause the crawler to fetch external URLs despite prevent_outside being set. The issue is fixed in the ...
Cross-site Scripting (XSS)
Enhavo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the Create Tag functionality, allowing attackers to inject arbitrary web scripts or HTML via a crafted payload into the Create Tag field within the New/Edit Article panel...
Cross-site Scripting (XSS)
Enhavo is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to inadequate sanitization of user-supplied input in the Title text field, enabling attackers to inject and execute arbitrary scripts or HTML...
Liferay Portal 7.4.x < 7.4.3.14 XSS
The version of Liferay Portal installed on the remote host is prior to 7.4.3.14. It is, therefore, affected by a vulnerability as referenced in the advisory. - Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and...
CVE-2024-26151
The CVE-2024-26151 issue affects the mjml-python package (FelixSchwarz/mjml-python), an unofficial Python port of MJML. The root cause is that untrusted input can be rendered as HTML in the final output when injected into mjml templates, allowing an attacker to influence email contents sent to ot...
GHSA-PCM8-QQRP-W6QF Enhavo Cross-site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
GHSA-C579-HHW5-CR3P Enhavo Cross-site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...
CVE-2024-25876
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...
Cross-Site Scripting (XSS)
Liferay Portal and Liferay DXP are vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization in the HtmlUtil.escapeJsLink method, which allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links...