17848 matches found
CVE-2024-43788
Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s...
Moderate: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs:...
CVE-2024-45240
The TikTok aka com.zhiliaoapp.musically application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party applications...
CVE-2024-45240
The TikTok aka com.zhiliaoapp.musically application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party applications...
CVE-2024-45240
The TikTok aka com.zhiliaoapp.musically application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party applications...
Automad Cross-site Scripting vulnerability
A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...
GHSA-G8H2-J9PM-4XX2 Automad Cross-site Scripting vulnerability
A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...
CVE-2024-41846
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-41847
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...
CVE-2024-41843
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-41842
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-41841
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...
CVE-2024-41841
CVE-2024-41841 affects Adobe Experience Manager (AEM) versions 6.5.20 and earlier, with a reflected XSS vulnerability that can execute malicious JavaScript in a victim’s browser when a user visits a crafted URL. The issue is confirmed in multiple sources and is exploitable via a vulnerable page r...
CVE-2024-41841 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...
CVE-2024-41847
Summary: CVE-2024-41847 affects Adobe Experience Manager (AEM) 6.5.20 and earlier, with a reflected Cross-Site Scripting (XSS) vulnerability triggered when a user visits a vulnerable page URL. The underlying issue allows attacker-supplied JavaScript to run in the victim’s browser context. Accordi...
CVE-2024-41844 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-41844
Adobe Experience Manager (AEM) 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, enabling malicious scripts to execute in a user’s browser. The CVE-2024-41844 entry specifies the issue and its impact; a CVSSv3.1 base score of 5.4 (Medi...
CVE-2024-41845 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-41875
CVE-2024-41875 affects Adobe Experience Manager versions 6.5.20 and earlier. The issue is a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing an attacker to inject malicious scripts that execute in a victim’s browser when loading the page containing the field. Pu...
CVE-2024-41845
CVE-2024-41845 concerns Adobe Experience Manager (AEM) versions 6.5.20 and earlier, which are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The public description states malicious JavaScript can be executed in a victim’s browser when visiting a page cont...