CVE-2024-1602

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting XSS that leads to Remote Code Execution RCE. The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...

CVE-2025-0747

A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed when a user opens the chat...

CVE-2024-57514

The CVE-2024-57514 entry concerns the TP-Link Archer A20 v3 router. Affected component is the web interface’s directory listing handling, where improper processing of listing paths enables Cross-site Scripting (XSS) when a crafted URL is visited. This allows injection of arbitrary JavaScript that...

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2025-02830)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Jazz Foundation. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web ...

IBM WebSphere Application Server 8.5.x < 8.5.5.27 / 9.x < 9.0.5.22 XSS (7175393)

The version of IBM WebSphere Application Server running on the remote host is affected by a XSS vulnerability as referenced in the 7175393 advisory. - IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary...

Ubuntu: Security Advisory (USN-7061-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7061-1: Go vulnerabilities

Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. CVE-2023-24531 Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not...

Ubuntu 22.04 LTS : Go vulnerabilities (USN-7061-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7061-1 advisory. Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run...

CVE-2024-41572

Learning with Texts LWT 2.0.3 is vulnerable to Cross Site Scripting XSS. The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user...

Cross-Site Scripting

gettext.js is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input sanitization in the parsing of .po dictionary definition files, allowing malicious code injection. Attackers can craft malicious .po files containing JavaScript code, which, when loaded and processed by...

XMB 1.9.12.06 Cross Site Scripting

Exploit Title: Persistent XSS in XMB 1.9.12.06 Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.xmbforum2.com/ Software Link: https://www.xmbforum2.com/download/XMB-1.9.12.06.zip Version: 1.9.12.06 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent store...

CVE-2024-32887

A reflected Cross-site scripting XSS vulnerability was found in Rubygem Sidekiq. The value of the substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the application. An attacker could exploit this to target the...

GHSA-Q655-3PJ8-9FXQ Sidekiq vulnerable to a Reflected XSS in Queues Web Page

Description: During the source Code Review of the metrics.erb view of the Sidekiq Web UI, A reflected XSS vulnerability is discovered. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the...

USN-6038-2: Go vulnerabilities

USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...

Oracle Linux 8 : nodejs:20 (ELSA-2023-7205)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7205 advisory. - Fixes CVE-2023-44487 nghttp Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

CVE-2023-4093

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access...

CVE-2023-40624 Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)

SAP NetWeaver AS ABAP applications based on Unified Rendering - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of...

CVE-2023-24496

Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...

Cross site scripting

Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...

Milesight MilesightVPN requestHandlers.js detail_device cross-site scripting (XSS) vulnerabilities

Talos Vulnerability Report TALOS-2023-1704 Milesight MilesightVPN requestHandlers.js detaildevice cross-site scripting XSS vulnerabilities July 6, 2023 CVE Number CVE-2023-24497,CVE-2023-24496 SUMMARY Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice...