
4739 matches found

Vulnrichment
added 2024/11/11 7:14 p.m., 14 views

CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

CVSS 2 | AI score 6.7 | EPSS 0.00517
Exploits 0 | References 2
OSV
added 2024/11/11 7:14 p.m., 14 views

CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

CVSS 2 | AI score 7 | EPSS 0.00517
Exploits 0 | References 5
Cvelist
added 2024/11/11 4:1 p.m., 17 views

CVE-2024-45088 IBM Maximo Asset Management cross-site scripting

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 6.4 | EPSS 0.00227
Exploits 0 | References 1
NVD
added 2024/11/11 8:15 a.m., 15 views

CVE-2024-11021

Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser...

CVSS 5.4 | EPSS 0.00279
Exploits 0 | References 2
CVE
added 2024/11/11 7:24 a.m., 48 views

CVE-2024-11021

CVE-2024-11021 relates to a Stored Cross-site Scripting vulnerability in Webopac from Grand Vice info. The issue allows remote attackers with regular privileges to inject arbitrary JavaScript into the server, which is executed in users’ browsers when visiting the affected page. Connected sources ...

CVSS 5.4 | AI score 5.5 | EPSS 0.00279
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2024/11/11 7:24 a.m., 16 views

CVE-2024-11021 Grand Vice info Webopac - Stored XSS

Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser...

CVSS 5.4 | AI score 6.6 | EPSS 0.00279
Exploits 0 | References 2
Cvelist
added 2024/11/11 7:6 a.m., 16 views

CVE-2024-11019 Grand Vice info Webopac7 - Reflected XSS

Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...

CVSS 6.1 | EPSS 0.00324
Exploits 0 | References 2
CVE
added 2024/11/11 7:6 a.m., 52 views

CVE-2024-11019

CVE-2024-11019 affects Webopac from Grand Vice info. The connected documents describe a Reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to execute arbitrary JavaScript in a user’s browser via phishing techniques. CVSSv3.1 base score 6.1 (Medium) with Netw...

CVSS 6.1 | AI score 6.5 | EPSS 0.00324
Exploits 0 | References 2 | Affected Software 1
Huntr
added 2024/11/11 6:4 a.m., 6 views

Path traversal, lead to arbitrary file write, lead to remote code execution

Description: AnythingLLM uses the multer library to handle HTTP multipart file uploads. AnythingLLM uses the following code to handle non-ASCII file names: file.originalname = Buffer.from(file.originalname, "latin1").toString("utf8"); This way of manipulating the filename will lead to path traversal. multer...

CVSS 7.2 | AI score 7.6 | EPSS 0.19777
Exploits 1
Vulnrichment
added 2024/11/11 12:0 a.m., 13 views

CVE-2024-46962

The SYQ com.downloader.video.fast aka Master Video Downloader application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component...

AI score 7.6 | EPSS 0.00377
Exploits 0 | References 2
CNNVD
added 2024/11/07 12:0 a.m., 2 views

Inshot Video Downloader Security Vulnerability

InShot Inshot Video Downloader is a video download application from InShot. A security vulnerability exists in Inshot Video Downloader version 1.3.5 and earlier, which stems from the presence of an arbitrary JavaScript code execution vulnerability...

CVSS 8.1 | AI score 7.4 | EPSS 0.00395
Exploits 0 | References 1
Veracode
added 2024/11/04 9:34 a.m., 10 views

Cross-Site Scripting (XSS)

org.apache.nifi,nifi-web-ui is vulnerable to cross-site scripting (XSS). The vulnerability is due to insufficient input validation on the description field for Parameters in the Parameter Context configuration, allowing an authenticated user to insert arbitrary JavaScript code, which the client...

CVSS 4.6 | AI score 5.9 | EPSS 0.00646
Exploits 0 | References 8 | Affected Software 1
CNVD
added 2024/11/04 12:0 a.m., 10 views

IBM CICS TX Standard Web UI Cross-Site Scripting Vulnerability

IBM CICS TX Standard is a comprehensive single transaction runtime package from International Business Machines (IBM), Inc. It can provide a cloud-native deployment model for standalone applications. A cross-site scripting vulnerability exists in IBM CICS TX Standard version 11.1, which stems from...

CVSS 6.1 | AI score 6.2 | EPSS 0.00258
Exploits 0 | References 1
GithubExploit
added 2024/11/03 7:16 a.m., 445 views

Exploit for Cross-site Scripting in Roundcube Webmail

Exploit Title: Roundcube mail server exploit for CVE-2024-373...

CVSS 6.1 | AI score 6.8 | EPSS 0.73296
Exploits 5
CVE
added 2024/11/01 4:48 p.m., 53 views

CVE-2024-41745

CVE-2024-41745 affects IBM CICS TX Standard Web UI with a cross-site scripting (XSS) vulnerability. An unauthenticated attacker can embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM-issued guidance indicates the vulnerability is ...

CVSS 6.1 | AI score 6 | EPSS 0.00258
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/11/01 4:48 p.m., 25 views

CVE-2024-41745 IBM CICS TX Standard cross-site scripting

IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 6.1 | EPSS 0.00258
Exploits 0 | References 1
CVE
added 2024/11/01 9:56 a.m., 45 views

CVE-2024-10652

CVE-2024-10652 affects CHANGING Information Technology’s IDExpert product. The vulnerability arises from improper validation of a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavaScript by performing a Reflected XSS. Affected versions are referenced ...

CVSS 6.1 | AI score 6.4 | EPSS 0.00305
Exploits 0 | References 2
Cvelist
added 2024/10/30 12:0 a.m., 12 views

CVE-2024-42041

The com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...

EPSS 0.00339
Exploits 0 | References 1
Cvelist
added 2024/10/30 12:0 a.m., 12 views

CVE-2024-31972

EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution under the context of the user's session via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediate...

EPSS 0.00431
Exploits 0 | References 1
Vulnrichment
added 2024/10/30 12:0 a.m., 8 views

CVE-2024-42041

The com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...

AI score 7.6 | EPSS 0.00339
Exploits 0 | References 1