Simple Responsive Tourism Website 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Simple Responsive Tourism Website v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
CVE-2024-45745 TopQuadrant TopBraid EDG JavaScript console XXE
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 bug fix: TBS-6721...
CVE-2024-46470
Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membershiptype field in the edit-type.php component...
GHSA-MPCH-89GM-HM83 Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Summary A vulnerability has been discovered in Agnai that permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, da...
CVE-2024-8704 Advanced File Manager <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale
The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fmalocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrar...
Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusio...
CVE-2024-45613
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...
CVE-2024-45613 CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...
CVE-2024-45613
CVE-2024-45613 affects CKEditor 5 (clipboard package) with versions 40.0.0 up to but not including 43.1.1. The XSS vulnerability requires a very specific editor configuration: the Block Toolbar plugin must be enabled and either General HTML Support (with unsafe markup) or HTML Embed also enabled....
CVE-2024-47068
A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta such as import.meta.url in the cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting XS...
CVE-2024-47068
Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta e.g., import.meta.url in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting...
CVE-2024-47068 DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta e.g., import.meta.url in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting...
CVE-2024-47068
CVE-2024-47068 describes a DOM Clobbering vulnerability in Rollup, where bundling scripts using properties from import.meta (e.g. import.meta.url) in formats like cjs/umd/iife can trigger XSS via attacker-controlled, scriptless HTML elements. Affected versions are Rollup < 2.79.2, < 3.29.5, ...
How the Necro Trojan infiltrated Google Play, again
Introduction We sometimes come across modified applications when analyzing suspicious files. These are created in response to user requests for more customization options within the app or for new features that the official versions don't have. Unfortunately, it's not uncommon for popular mods to...
CVE-2024-47226
NetBox 4.1.0 is affected by a stored XSS in the Admin panel’s Configuration History feature, via the /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the Top banner field. The issue’s validity is debated by third parties, arguing the banner is...