PT-2024-54: Reflected Cross-Site Scripting (Reflected XSS) in Moodle

The vulnerability was identified in Moodle versions 4.5; 4.4 - 4.4.4; 4.3 - 4.3.8. The discovered vulnerability, which exists due to a lack of filtering during course editing, can be exploited by an attacker to embed an arbitrary JavaScript code into the body of a page. Vulnerability status:...

CVE-2024-47107

IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-47107

IBM QRadar SIEM 7.5 is affected by CVE-2024-47107, a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript into the Web UI, potentially leading to credential disclosure within a trusted session. The CVSS base score is 6.4 (Vector: CVSS:3.1/AV:N/A...

CVE-2024-47107 IBM QRadar SIEM cross-site scripting

IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-11990 Cross-Site Scripting (XSS) en SurgeMail de NetWin

A Cross-Site Scripting XSS vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters...

CVE-2024-11990 Cross-Site Scripting (XSS) en SurgeMail de NetWin

A Cross-Site Scripting XSS vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters...

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper input sanitization when adding notes to a device, allowing JavaScript code in the notes to be triggered when the ExamplePlugin is enabled...

CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...

Reflected Cross-site Scripting (XSS)

librenms/librenms is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization in the "reportthis" function, allowing attackers to inject and execute arbitrary JavaScript code via the "section" parameter of the "logs" tab...

SEH utnserver Pro 20.1.22 Cross Site Scripting

St. Pölten UAS 20241118-0 ------------------------------------------------------------------------------- title| Multiple Stored Cross-Site Scripting product| SEH utnserver Pro vulnerable version| 20.1.22 fixed version| 20.1.35 CVE number| CVE-2024-11304 impact| High homepage|...

IBM Concert Cross-Site Scripting Vulnerability (CNVD-2024-46794)

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a cross-site scripting vulnerability that stems from allowing an unauthenticated attacker to embed arbitrary JavaScript code i...

CVE-2024-45513

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A stored Cross-Site Scripting XSS vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a...

CVE-2024-50355

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input in the device Display Name, if java script code is inside the name of the device Display Name, its can b...

CVE-2024-50355

CVE-2024-50355 affects LibreNMS (PHP/MySQL/SNMP-based) where Admins can edit a device’s Display Name; input is not properly sanitized, allowing JavaScript in the name to execute in various contexts (persistent XSS). The vulnerability impacts multiple endpoints that display or reflect the Display ...

GHSA-4M5R-W2RQ-Q54Q LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input i...

LibreNMS has a stored XSS in ExamplePlugin with Device's Notes

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the...

GHSA-C86Q-RJ37-8F85 LibreNMS has a stored XSS in ExamplePlugin with Device's Notes

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the...

CVE-2024-41785 IBM Concert cross-site scripting

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-41785 IBM Concert cross-site scripting

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...