CVE-2024-36195
CVE-2024-36195 is a stored XSS in Adobe Experience Manager 6.5.20 and earlier, located in vulnerable form fields. The stored payload executes JavaScript in a victim’s browser when the victim visits the page containing the field (per NVD description). CVSS 3.1 base score is 5.4 (Medium) with network attac...
CVE-2024-36195 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26055
CVE-2024-26055 is a DOM-based Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager 6.5.20 and earlier. The issue could allow an attacker to run arbitrary JavaScript in the victim’s browser context, typically requiring user interaction (e.g., clicking a crafted link or submi...
CVE-2024-36161 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36232
CVE-2024-36232 is a stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.5.20 and earlier, located in vulnerable form fields. The underlying issue allows injected JavaScript to execute in a victim’s browser when loading pages containing the affected fields (standal...
CVE-2024-36232 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
Lost And Found Information System 1.0 Cross Site Scripting
Exploit Title: Reflected Cross Site Scripting Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html...
VSCode ipynb Remote Code Execution Exploit
VSCode bypasses its trust model when opening a Jupyter notebook (.ipynb) file. On versions v1.4.0 through v1.71.1, it's possible for the notebook to embed HTML and JavaScript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at...
Mozilla Firefox ESR Security Update (mfsa_2024-23_2024-26) - Mac OS X
Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:firefox_esr";...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:2012-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2012-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in...
GHSA-CV23-Q6GH-XFRF WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
Impact A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript...
CVE-2024-37297
WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be...
CVE-2024-37297 WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms
WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be...
CVE-2024-37168
A flaw was found in grpc-js, which implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channe...
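The following is an added example, not grpc-js's own code, showing the general failure mode behind this entry: a receiver that assembles a whole message before comparing its size to the receive limit retains far more than the limit, while a receiver that validates the declared length in the 5-byte gRPC prefix (1 compressed flag byte plus a 4-byte big-endian length) rejects the frame before buffering any payload. The sample stream, the 16-byte limit and the 8-byte chunking are constructed for the demonstration; the page does not describe the two specific code paths in grpc-js.

```javascript
// Added example (not grpc-js's code): a gRPC length-prefixed frame decoder in two
// versions. gRPC frames a message as 1 byte (compressed flag) + 4-byte big-endian
// payload length + payload. Both decoders take the stream as an array of chunks and
// a receive limit; they report the peak number of bytes retained so the difference
// in allocation behaviour is measurable.
const HEADER_LEN = 5;

// Vulnerable pattern: every chunk is appended to one growing buffer, and the size
// is compared to the limit only once the whole message has been assembled. A peer
// declaring a huge length makes the receiver retain that much before the check.
function decodeUnchecked(chunks, maxLen) {
  const messages = [];
  let buf = Buffer.alloc(0);
  let peak = 0;
  for (const chunk of chunks) {
    buf = Buffer.concat([buf, chunk]);
    peak = Math.max(peak, buf.length);
    while (buf.length >= HEADER_LEN) {
      const len = buf.readUInt32BE(1);
      if (buf.length < HEADER_LEN + len) break;          // wait for the rest
      const body = buf.subarray(HEADER_LEN, HEADER_LEN + len);
      if (body.length > maxLen) {                        // checked too late
        return { messages, peak, error: `message of ${len} bytes exceeds limit ${maxLen}` };
      }
      messages.push(Buffer.from(body));
      buf = buf.subarray(HEADER_LEN + len);
    }
  }
  return { messages, peak, error: null };
}

// Hardened pattern: parse the 5-byte prefix first and reject a declared length over
// the limit before any payload byte is retained; body bytes are then accumulated
// only up to that declared (already bounded) length.
function decodeChecked(chunks, maxLen) {
  const messages = [];
  let peak = 0;
  let header = Buffer.alloc(0);   // partial prefix
  let need = -1;                  // declared payload length, -1 while reading the prefix
  let bodyParts = [];
  let bodyLen = 0;
  for (let chunk of chunks) {
    while (chunk.length > 0) {
      if (need < 0) {
        const take = Math.min(HEADER_LEN - header.length, chunk.length);
        header = Buffer.concat([header, chunk.subarray(0, take)]);
        chunk = chunk.subarray(take);
        peak = Math.max(peak, header.length);
        if (header.length < HEADER_LEN) break;         // prefix still incomplete
        need = header.readUInt32BE(1);
        if (need > maxLen) {
          return { messages, peak, error: `declared length ${need} exceeds limit ${maxLen}` };
        }
        if (need === 0) { messages.push(Buffer.alloc(0)); header = Buffer.alloc(0); need = -1; }
      } else {
        const take = Math.min(need - bodyLen, chunk.length);
        bodyParts.push(Buffer.from(chunk.subarray(0, take)));
        bodyLen += take;
        chunk = chunk.subarray(take);
        peak = Math.max(peak, HEADER_LEN + bodyLen);
        if (bodyLen === need) {                         // message complete
          messages.push(Buffer.concat(bodyParts));
          header = Buffer.alloc(0); bodyParts = []; bodyLen = 0; need = -1;
        }
      }
    }
  }
  return { messages, peak, error: null };
}

// Constructed sample stream: one 3-byte message, then a frame declaring 64 bytes,
// delivered in 8-byte chunks against a 16-byte receive limit.
function frame(payload) {
  const h = Buffer.alloc(HEADER_LEN);
  h.writeUInt32BE(payload.length, 1);                  // byte 0 stays 0: uncompressed
  return Buffer.concat([h, payload]);
}
function splitChunks(buf, size) {
  const out = [];
  for (let i = 0; i < buf.length; i += size) out.push(buf.subarray(i, i + size));
  return out;
}
const MAX_LEN = 16;
const SAMPLE_STREAM = splitChunks(
  Buffer.concat([frame(Buffer.from('abc')), frame(Buffer.alloc(64, 0x41))]), 8);

console.log(decodeUnchecked(SAMPLE_STREAM, MAX_LEN));  // retains 69 bytes, then errors
console.log(decodeChecked(SAMPLE_STREAM, MAX_LEN));    // retains 8 bytes, errors at the prefix
```

The unchecked decoder still rejects the oversized message, so a functional test passes either way; the only observable difference is the peak retained size, which is why a limit like this has to be tested against what is buffered, not against what is eventually delivered.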
CVE-2024-37304 NuGetGallery's Markdown Autolinks Processing Vulnerable to Cross-site Scripting
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
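The following is an added example, not NuGetGallery's code, that models the bug class in this entry: a Markdown renderer whose scheme allowlist covers standard `[text](url)` links but not `<url>` autolinks, beside the fixed renderer that runs both link forms through the same check. The link syntax handled, the allowlist, and the sample README text are constructed for the demonstration.

```javascript
// Added example (not NuGetGallery's code): a toy Markdown link renderer that
// models the bug class on this page. Standard links [text](url) and autolinks
// <url> share one scheme allowlist in the fixed renderer; the vulnerable renderer
// applies it only to standard links, so <javascript:...> becomes a live anchor.
const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]);
}

// Scheme check via the WHATWG URL parser: it lowercases the scheme and strips
// embedded tabs/newlines the way browsers do, so "JavaScript:" or "java\tscript:"
// cannot slip past a case-sensitive prefix test. Relative URLs are rejected too.
function isSafeUrl(url) {
  let parsed;
  try { parsed = new URL(url); } catch { return false; }
  return SAFE_SCHEMES.has(parsed.protocol);
}

// [text](url)  or  <scheme:rest>
const LINK_RE = /\[([^\]]*)\]\(([^)\s]+)\)|<([a-z][a-z0-9+.-]*:[^\s<>]*)>/gi;

function render(md, checkAutolinks) {
  let out = '';
  let last = 0;
  for (const m of md.matchAll(LINK_RE)) {
    out += escapeHtml(md.slice(last, m.index));
    last = m.index + m[0].length;
    if (m[1] !== undefined) {                       // standard link: always checked
      const text = escapeHtml(m[1]);
      out += isSafeUrl(m[2]) ? `<a href="${escapeHtml(m[2])}">${text}</a>` : text;
    } else {                                        // autolink
      const url = m[3];
      const allowed = checkAutolinks ? isSafeUrl(url) : true;
      const shown = escapeHtml(url);
      out += allowed ? `<a href="${shown}">${shown}</a>` : shown;
    }
  }
  return out + escapeHtml(md.slice(last));
}

const renderVulnerable = md => render(md, false);   // autolinks skip the allowlist
const renderFixed = md => render(md, true);         // one allowlist for both forms

// Constructed sample README text with one benign link and one autolink payload.
const SAMPLE_MD = 'See [docs](https://example.com/docs) and <javascript:alert(document.cookie)>';
console.log(renderVulnerable(SAMPLE_MD));
console.log(renderFixed(SAMPLE_MD));
```

The fix is a single allowlist applied at the point where an `href` is emitted, regardless of which Markdown syntax produced it; checking per syntax is how an autolink path gets missed.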
New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers
Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional...
Reflected Cross-site Scripting (XSS)
jupyter-server-proxy is vulnerable to Reflected Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the host value in the /proxy endpoint, allowing an attacker to send a phishing link with custom JavaScript that runs when the user clicks the link, potentially granting...