17848 matches found
CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs
Plate is a JavaScript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...
CVE-2024-45489
CVE-2024-45489 describes a remote code execution in Arc browser JavaScript boosts, stemming from misconfigured Firebase ACLs that allowed creation or updating boosts using another user’s ID. This installs the boost into the victim’s browser and executes arbitrary JavaScript in a privileged contex...
CVE-2024-8653
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply the patch from the vendor at https://netcat.ru/. Versions 6.4.0.24248 and ...
CVE-2024-8652
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply the patch from the vendor at https://netcat.ru/. Versions 6.4.0.24248 and o...
CVE-2024-8653 Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply the patch from the vendor at https://netcat.ru/. Versions 6.4.0.24248 and ...
CVE-2024-8653
CVE-2024-8653 affects NetCat CMS with multiple reflected cross-site scripting vulnerabilities in the netshop module. Affected versions include 6.4.0.24126.2 (and potentially others); a patch is available in versions 6.4.0.24248 and later. The vulnerability allows an attacker to execute JavaScript...
CVE-2024-8652
CVE-2024-8652: NetCat CMS is affected by a reflected cross-site scripting vulnerability in the openstat module. Affected versions are 6.4.0.24126.2 through 6.4.0.24247. The issue allows an attacker to execute JavaScript in a user’s browser when they visit a specifically crafted path. Exploitatio...
GHSA-R9CR-QMFW-PMRC Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
A stored cross-site scripting vulnerability has been found in the image upload functionality that can be used by normal registered users: it is possible to upload an SVG image containing JavaScript, and it is also possible to upload an HTML document when the format parameter is manually changed to documents or a...
CVE-2024-45811
Vite is a frontend build tooling framework for JavaScript. In affected versions the contents of arbitrary files can be returned to the browser. @fs denies access to files outside of the Vite serving allow list. Adding ?import&raw to the URL bypasses this limitation and returns the file content if it...
CVE-2024-45812 DOM Clobbering gadget found in vite bundled scripts that leads to XSS in Vite
Vite is a frontend build tooling framework for JavaScript. Affected versions of Vite were discovered to contain a DOM Clobbering vulnerability when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptle...
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content
Summary A potential Cross-Site Scripting XSS vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the label parameter, leading to the execution of arbitrary...
GHSA-RW5H-G8XQ-6877 Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content
Summary A potential Cross-Site Scripting XSS vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the label parameter, leading to the execution of arbitrary...
CVE-2024-45803 Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui
Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting XSS vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this...
CVE-2024-38380 Millbeck Communications Proroute H685t-w Cross-site Scripting.
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session...
mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions
The Mozilla Foundation's Security Advisory: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption...
RLSA-2024:6148 Moderate: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import...
CVE-2024-45800
SnappyMail is an open source web-based email client. SnappyMail uses the cleanHtml function to clean up HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...
CVE-2024-45800 Multiple mXSS found in snappymail HTML parser
SnappyMail is an open source web-based email client. SnappyMail uses the cleanHtml function to clean up HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...