CVE-2024-28106 phpMyFAQ Stored XSS at FAQ News Content

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...

CVE-2024-28434

The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code...

CVE-2024-28434

The CVE affects the Twenty CRM platform (version 0.3.0). It describes a stored cross-site scripting vulnerability triggered by uploading a crafted SVG file, which can lead to JavaScript execution in affected deployments. All connected sources consistently report the same flaw and vulnerable versi...

CVE-2022-32754 IBM Security Verify Directory cross-site scripting

IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445...

CVE-2024-2726 Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system

Stored Cross-Site Scripting Stored-XSS vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration...

IBM Sterling Secure Proxy Cross-Site Scripting Vulnerability

IBM Sterling Secure Proxy is an application proxy from International Business Machines IBM that is used to ensure the secure transfer of files in an organization's unprotected zone DMZ. A cross-site scripting vulnerability exists in IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0. An attacker...

IBM Sterling Secure Proxy Cross-Site Scripting Vulnerability (CNVD-2024-15368)

IBM Sterling Secure Proxy is an application proxy from International Business Machines IBM that is used to ensure the secure transfer of files in an organization's unprotected zone DMZ. A cross-site scripting vulnerability exists in IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0, which stems...

CVE-2024-28237 OctoPrint XSS via the "Snapshot Test" feature in Classic Webcam plugin settings

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...

PT-2024-3278 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.13 Description: The issue is related to improper input neutralization during web page creation, allowing a remote attacker to conduct a cross-site scripting XSS attack. A user with rights to create and share...

Cross site scripting

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2023-28517 IBM Sterling Partner Engagement Manager cross-site scripting

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

Cross site scripting

Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting XSS attack in the name attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code wi...

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. "These attacks are orchestrated from domains less than ...

Cross-site Scripting (XSS)

rsshub is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the internal media proxy failing to sanitize specially crafted images, which allows an attacker to upload an image resulting in XSS. This allows for the execution of arbitrary JavaScript code. Users accessing a...

BIT-GITLAB-2022-1940

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues...

BIT-GRAFANA-2020-11110

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...

BIT-DRUPAL-2022-24728 Cross-site Scripting in CKEditor4

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

BIT-COUCHDB-2021-38295 Privilege escalation vulnerability when using HTML attachments

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

CVE-2024-27627

A reflected cross-site scripting XSS vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the badpassword.php page...

CVE-2024-27627

A reflected cross-site scripting XSS vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the badpassword.php page...