
3107 matches found

GitHub Security Blog
added 2024/04/22 6:37 p.m. | 17 views

LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS

Summary: There is improper sanitization of the Service template name, which is reflected in the delete button's onclick event. This value can be modified and crafted as any other JavaScript code. Vulnerable Code...

CVSS 7.1 | AI score 6.9 | EPSS 0.00522
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2024/04/22 6:37 p.m. | 16 views

GHSA-72M9-7C8X-PMMW LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS

Summary: There is improper sanitization of the Service template name, which is reflected in the delete button's onclick event. This value can be modified and crafted as any other JavaScript code. Vulnerable Code...

CVSS 7.1 | AI score 6 | EPSS 0.00522
Exploits: 1 | References: 5

NVD
added 2024/04/15 4:15 a.m. | 8 views

CVE-2024-3776

The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks...

CVSS 6.1 | AI score 6.3 | EPSS 0.00206
Exploits: 0 | References: 1

Cvelist
added 2024/04/12 12:17 p.m. | 19 views

CVE-2023-47714 IBM Sterling File Gateway cross-site scripting

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVSS 4.8 | AI score 5 | EPSS 0.00071
Exploits: 0 | References: 2

NVD
added 2024/04/12 3:15 a.m. | 11 views

CVE-2024-22357

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVSS 5.4 | AI score 5.2 | EPSS 0.00184
Exploits: 0 | References: 2

NVD
added 2024/04/12 3:15 a.m. | 10 views

CVE-2023-45186

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

CVSS 5.4 | AI score 4.9 | EPSS 0.00104
Exploits: 0 | References: 2

Cvelist
added 2024/04/12 2:28 a.m. | 17 views

CVE-2024-22357 IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVSS 5.4 | AI score 5.3 | EPSS 0.00184
Exploits: 0 | References: 2

CVE
added 2024/04/04 5:55 p.m. | 85 views

CVE-2024-25705

CVE-2024-25705 describes a cross-site scripting issue in Esri Portal for ArcGIS Experience Builder versions 11.1 and below. The CVE record states exploitation requires basic authenticated access (low-privilege), while a PT-Security entry notes a remote, unauthenticated attacker scenario; there is...

CVSS 5.4 | AI score 5.8 | EPSS 0.00352
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/04/04 5:55 p.m. | 79 views

CVE-2024-25703

CVE-2024-25703 is rejected/not used; this entry does not represent an active vulnerability.

AI score 6.8
Exploits: 0

Vulnrichment
added 2024/04/04 5:54 p.m. | 18 views

CVE-2024-25698 Reflected XSS in Portal for ArcGIS

There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the...

CVSS 6.1 | AI score 6.7 | EPSS 0.00412
Exploits: 0 | References: 1

Cvelist
added 2024/04/04 5:54 p.m. | 21 views

CVE-2024-25698 Reflected XSS in Portal for ArcGIS

There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the...

CVSS 6.1 | AI score 6.5 | EPSS 0.00412
Exploits: 0 | References: 1

NVD
added 2024/04/04 7:15 a.m. | 8 views

CVE-2023-25199

A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser...

CVSS 5.4 | AI score 5.6 | EPSS 0.00128
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/04 12:0 a.m. | 11 views

CVE-2023-25199

A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser...

AI score 5.8 | EPSS 0.00145
Exploits: 0 | References: 1

Cvelist
added 2024/04/04 12:0 a.m. | 10 views

CVE-2023-25199

A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser...

AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 1

OSV
added 2024/04/03 4:15 p.m. | 1 view

CVE-2024-31393

Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS 124...

CVSS 4.3 | AI score 5.8 | EPSS 0.00104
Exploits: 0 | References: 2

CVE
added 2024/03/29 3:0 p.m. | 85 views

CVE-2024-29890

CVE-2024-29890 affects DataLens/DataLens UI components, with a vulnerability in datalens-ui prior to version 0.1449.0. A specially crafted request can create a chart type that passes custom JavaScript, which then executes in an unprotected sandbox on subsequent chart requests. The issue has a kno...

CVSS 8.8 | AI score 8.8 | EPSS 0.00129
Exploits: 0 | References: 1

NVD
added 2024/03/28 9:16 p.m. | 8 views

CVE-2024-23727

The YI Smart Kami Vision com.kamivision.yismart application through 1.0.020231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVSS 8.4 | AI score 7.4 | EPSS 0.0116
Exploits: 0 | References: 1

Veracode
added 2024/03/28 7:26 a.m. | 18 views

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to inadequate input validation of the "news" parameter in a POST request, allowing an attacker to inject malicious JavaScript code. Upon visiting the compromised news page, the XSS payload is triggered...

CVSS 5.4 | AI score 5.6 | EPSS 0.00157
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2024/03/28 12:0 a.m. | 61 views

CVE-2024-23727

CVE-2024-23727 affects the YI Smart Kami Vision (com.kamivision.yismart) Android app via version 1.0.0_20231219. The vulnerability stems from allowing an implicit Android intent to WebViewActivity to execute arbitrary JavaScript code, enabling a remote attacker to run JS on the device with no us...

CVSS 8.4 | AI score 7.6 | EPSS 0.0116
Exploits: 0 | References: 1

NVD
added 2024/03/27 1:15 p.m. | 13 views

CVE-2024-28784

IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893...

CVSS 5.4 | AI score 5.3 | EPSS 0.00216
Exploits: 1 | References: 2