17848 matches found
CVE-2024-31971
Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html,...
CVE-2024-6783 Vue client-side XSS via prototype pollution
A vulnerability has been discovered in Vue that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code...
CVE-2024-34128
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-34128 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-34128
CVE-2024-34128 concerns Adobe Experience Manager (AEM) with a stored Cross-Site Scripting (XSS) vulnerability in versions 6.5.20 and earlier. The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which may execute JavaScript when a victim navigates to...
Cross-site Scripting (XSS)
Roundup is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of JavaScript in PDF, XML, and SVG documents...
ROS-20240719-05
A vulnerability in the ejs web application development pattern for Node.js is related to incorrect neutralization of special elements in the output data used by the input component. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by injecting...
Template Injection
github.com/requarks/wiki is vulnerable to template injection. The vulnerability is due to improper sanitization of user inputs, allowing attackers to inject malicious JavaScript into the content section of pages. Attackers can exploit this by inserting an invalid HTML tag with a template injectio...
CVE-2024-39090
The connected Red Hat and vulnerability records corroborate CVE-2024-39090 for PHPGurukul Online Shopping Portal Project v2.0 (and 2.0.3 in metrics). The issue is a CSRF that can precipitate Stored XSS, allowing an attacker to execute arbitrary JavaScript in a user’s session and possibly take ove...
CVE-2024-39090
The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentiall...
Roundup Cross-site Scripting Vulnerability
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...
UBUNTU-CVE-2024-39126
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...
PYSEC-2024-65
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...
CVE-2024-32981
The CVE-2024-32981 issue affects the Silverstripe framework (PHP) used by Silverstripe CMS. It describes an XSS vulnerability where a CMS editor can submit a specially crafted encoded payload that forces a front-end JavaScript injection; client-side sanitisation would not catch it, but server-sid...
CVE-2024-32981 Cross-site Scripting vulnerability with encoded payload in silverstripe/framework
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end o...
CVE-2024-28796
Summary: IBM Rational ClearQuest (CQ) 9.1–9.1.0.6 is vulnerable to a stored cross-site scripting (XSS) in the Web UI, allowing embedding of arbitrary JavaScript that can alter functionality and potentially lead to credentials disclosure within a trusted session. Root cause (as described): lack of...
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
Impact: A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch...
GHSA-CHX7-9X8H-R5MG Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
Impact: A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch...
CVE-2024-39126
CVE-2024-39126: The vulnerability affects Roundup prior to 2.4.0, enabling cross-site scripting through JavaScript in PDF, XML, and SVG documents. The description and connected records confirm the issue, but do not provide exploitation details, affected vendor-specific patch versions, or concret...
CVE-2024-39126
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...