CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through Splunk Web Bulletin Messages that could result in...
CVE-2024-36992
CVE-2024-36992 affects Splunk Enterprise and Splunk Cloud Platform. A low-privilege user who does not hold admin/power roles can craft a malicious payload via a Dashboard element’s url parameter due to insufficient input validation, leading to persistent Cross-site Scripting (XSS) by executing un...
Splunk Cloud Platform and Splunk Enterprise Security Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze data, including data generated by all IT systems and infrastructure (physical, virtual machines and cloud). Splunk...
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0717)
The version of Splunk installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0717 advisory. - In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user...
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0714)
The version of Splunk installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0714 advisory. - In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...
CVE-2023-50964 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102...
CVE-2024-28797
IBM InfoSphere Information Server 11.7 is affected by a stored cross-site scripting (XSS) vulnerability in the Web UI (CVE-2024-28797). The issue allows an attacker to embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credential disclosure within a truste...
CVE-2024-28797 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2024-28798
The CVE-2024-28798 entry concerns IBM InfoSphere Information Server 11.7 and describes a stored cross-site scripting vulnerability in the Web UI that can alter functionality and potentially disclose credentials in a trusted session. Affected product/version: IBM InfoSphere Information Server 11.7...
CVE-2024-28798 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2024-28795
CVE-2024-28795 affects IBM InfoSphere Information Server 11.7. The vulnerability is a cross-site scripting (stored XSS) flaw in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Root cause is exposure in the Web UI (no p...
CVE-2024-28795 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832...
CVE-2024-5062 Reflected XSS through survey redirect parameter in zenml-io/zenml
A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to stored cross-site scripting (CVE-2024-28795)
Summary: A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2024-28795. DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript co...
CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS requests from the vulnerable instance: MKCOL, PUT and GET...
IBM WebSphere Automation Cross-Site Scripting Vulnerability
IBM WebSphere Automation is an operations platform from International Business Machines (IBM) that automates operational activities to proactively reduce security risks and accelerate threat remediation. A cross-site scripting vulnerability exists in IBM WebSphere Automation version 1.7.0, which ca...
Cross-site Scripting (XSS)
zendframework/zendframework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to view helpers using escapeHtml instead of escapeHtmlAttr to escape HTML attributes, which can lead to potential XSS attack vectors when user data or JavaScript is used...
CVE-2024-35153
CVE-2024-35153 is a cross-site scripting vulnerability in IBM WebSphere Application Server UI, enabling a privileged user to embed arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. Affected products: IBM WebSphere Application Server 8.5 and 9.0. The...