CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection

Affected packages The vulnerability has been discovered in the core HTML parsing module and may affect all editor instances that: Enabled full-page editing mode, or enabled CDATA elements in Advanced Content Filtering configuration defaults to script and style elements. Impact A potential...

CVE-2024-24816 Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

CVE-2024-24816 Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

CVE-2024-24815

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

CVE-2024-24815

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

CVE-2023-6028 SDM Web interface vulnerable to XSS

A reflected cross-site scripting XSS vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...

CVE-2023-50947 IBM Business Automation Workflow cross-site scripting

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVE-2023-37531 A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access...

Cross-site Scripting Vulnerability on Avatar Upload

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.9.2 and was tested on version 1.8.2. Overview Label Studio has a cross-site scripting XSS vulnerability that coul...

Cross-site Scripting (XSS)

JFinalcms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to a lack of parameter sanitization which allows attackers to run arbitrary JavaScript code via the /admin/login username parameter...

CVE-2024-23633 Label Studio XSS Vulnerability on Data Import

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

CVE-2023-7238

A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser...

Cross-Site Scripting (XSS)

MolecularFaces is vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to improper handling of user input within the viewer plugin implementation of . This allows an attacker to inject arbitrary JavaScript code into the client browser by crafting malicious molfiles...

CVE-2024-22876

StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting XSS in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL...

CVE-2024-22876

StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting XSS in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL...

Cross site scripting

Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the...

avo vulnerable to stored cross-site scripting (XSS) in key_value field

Summary A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. Details The value of the keyvalue is inserted directly into the HTML code. In the current...

avo vulnerable to stored cross-site scripting (XSS) in key_value field

Summary A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. Details The value of the keyvalue is inserted directly into the HTML code. In the current...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVE-2021-38927 IBM Aspera Console cross-site scripting

IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322...