Lucene search

17848 matches found

CVE
added 2024/08/23 4:53 p.m., 59 views

CVE-2024-41843

Adobe Experience Manager (AEM) 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The underlying issue is improper input handling in certain pages, allowing attacker-supplied scripts to execute in a victim’s browser when the page contai...

CVSS 5.4, AI score 5.1, EPSS 0.01695
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/08/23 4:53 p.m., 15 views

CVE-2024-41876 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVSS 5.4, AI score 5.4, EPSS 0.02635
Exploits 0, References 1
CVE
added 2024/08/23 4:53 p.m., 48 views

CVE-2024-41877

CVE-2024-41877 affects Adobe Experience Manager (AEM) 6.5.19 and earlier. The vulnerability is a stored Cross-Site Scripting (XSS) flaw in vulnerable form fields, allowing malicious JavaScript to run in a victim’s browser when the page with the field is loaded. The issue is confirmed across multi...

CVSS 5.4, AI score 5.1, EPSS 0.02635
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/08/23 4:53 p.m., 10 views

CVE-2024-41877 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 5.4, AI score 5.3, EPSS 0.02635
Exploits 0, References 1
Vulnrichment
added 2024/08/23 4:53 p.m., 13 views

CVE-2024-41842 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 4.8, AI score 4.9, EPSS 0.01106
Exploits 0, References 1
Vulnrichment
added 2024/08/23 4:53 p.m., 13 views

CVE-2024-41878 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires...

CVSS 5.4, AI score 5.5, EPSS 0.01786
Exploits 0, References 1
Cvelist
added 2024/08/23 4:53 p.m., 16 views

CVE-2024-41842 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 4.8, EPSS 0.01106
Exploits 0, References 1
Packet Storm
added 2024/08/23 12:0 a.m., 210 views

PlantUML 1.2024.6 Cross Site Scripting

Exploit Title: PlantUML version 1.2024.6 Cross Site Scripting (XSS)
Date: 23/08/2024
Exploit Author: Hosein Vita
Vendor Homepage: https://plantuml.com/
Version: 1.2024.6
Tested on: Linux
Description: This proof-of-concept demonstrates a Cross-Site Scripting (XSS) vulnerability in PlantUML. The...

AI score 7.4
Exploits 0
NVD
added 2024/08/22 4:15 p.m., 9 views

CVE-2023-6452

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Forcepoint Web Security Transaction Viewer allows Stored XSS. The Forcepoint Web Security portal allows administrators to generate detailed reports on user requests made through the Web proxy. It h...

CVSS 9.6, EPSS 0.00178
Exploits 0, References 1
Malwarebytes
added 2024/08/22 2:12 p.m., 22 views

Google patches actively exploited zero-day in Chrome. Update now!

Google has released an update for its Chrome browser which includes a patch for a vulnerability that Google says is already being exploited, known as a zero-day vulnerability. Google has fixed that zero-day with the release of versions 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 for Lin...

CVSS 9.6, AI score 8.9, EPSS 0.01868
Exploits 2
The Hacker News
added 2024/08/22 5:19 a.m., 45 views

Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Typ...

CVSS 9.6, AI score 9.1, EPSS 0.1074
Exploits 16
Packet Storm
added 2024/08/22 12:0 a.m., 227 views

Online Shopping System Master 1.0 Cross Site Request Forgery

Title: online shopping system master v1.0 CSRF Vulnerability
Author: indoushka
Tested on: windows 10 FrPro / browser : Mozilla firefox 128.0.3...

AI score 7.4
Exploits 0
Packet Storm
added 2024/08/22 12:0 a.m., 285 views

Online Banking System 1.0 Arbitrary File Upload

Title: Online Banking System 1.0 Remote File Upload Vulnerability
Author: indoushka
Tested on: windows 10 FrPro / browser : Mozilla firefox...

AI score 7.4
Exploits 0
NVD
added 2024/08/21 7:15 p.m., 23 views

CVE-2024-41572

Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user...

CVSS 6.1, EPSS 0.00206
Exploits 0, References 1
OSV
added 2024/08/21 3:11 p.m., 13 views

GO-2022-0498 Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd...

CVSS 9, AI score 7.1, EPSS 0.00774
Exploits 0, References 4
BDU FSTEC
added 2024/08/21 12:0 a.m., 1 view

The vulnerability of the “phase” parameter in the netshop CMS system’s Netcat module allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the “phase” parameter in the netshop CMS system’s Netcat framework exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute any arbitrary JavaScript code in the user’s browser remotely...

CVSS 9, AI score 5.8
Exploits 0, References 1, Affected Software 1
Cvelist
added 2024/08/20 8:23 p.m., 25 views

CVE-2024-43396 Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)

Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in...

CVSS 5.4, EPSS 0.00924
Exploits 1, References 3
OSV
added 2024/08/20 7:59 p.m., 11 views

GHSA-CF72-VG59-4J4H Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)

Summary: The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. Details: The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary...

CVSS 5.4, AI score 5.3, EPSS 0.00924
Exploits 1, References 5
GitHub Security Blog
added 2024/08/20 7:59 p.m., 16 views

Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)

Summary: The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. Details: The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary...

CVSS 5.4, AI score 5.4, EPSS 0.00924
Exploits 1, References 5, Affected Software 1
NVD
added 2024/08/20 3:15 p.m., 11 views

CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

CVSS 5.3, EPSS 0.00205
Exploits 0, References 2