4739 matches found
CVE-2024-25691
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2024-38038 BUG-000165732 - Reflected XSS in Portal for ArcGIS
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2024-38038
Summary: CVE-2024-38038 is a reflected XSS in Esri Portal for ArcGIS. The vulnerability affects ArcGIS Portal versions 11.1 and can be triggered by a crafted, unauthenticated link that may execute JavaScript in the victim’s browser. The issue is documented across multiple sources (NVD/CVE records...
CVE-2024-25691 BUG-000165286 - Reflected XSS in Portal for ArcGIS
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2024-25691
Esri Portal for ArcGIS is affected by a reflected XSS in versions up to 11.1. A crafted link could cause arbitrary JavaScript execution in the victim’s browser. Affected versions include 10.8.1–11.1. Root cause is a cross-site scripting flaw in the portal’s handling of URL/link input. Practical i...
CVE-2024-25707 BUG-000160241 - Reflected XSS in Portal for ArcGIS
A reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A...
CVE-2024-25707
CVE-2024-25707 is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and earlier. The issue allows an authenticated user with administrative privileges to supply a crafted string that could cause arbitrary JavaScript execution in their own browser (Self XSS). The vulner...
CVE-2024-38036 BUG-000154827 - Reflected XSS in ArcGIS Experience Builder
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2024-8149 BUG-000168624 - Unvalidated redirect in Portal for ArcGIS.
There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...
CVE-2024-8149
CVE-2024-8149 describes a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2. The flaw allows a remote, authenticated attacker with low privileges to craft a link that, when clicked by a victim, could execute arbitrary JavaScript in the victim’s br...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the upload functionality. An attacker can inject malicious scripts or execute arbitrary code by uploading a crafted PDF file containing JavaScript. Details: Cross-site scripting (or XSS) is a code vulnerability...
CVE-2024-45965
CVE-2024-45965 — Contao SVG upload XSS: The vulnerability affects Contao Core Bundle via SVG uploads, enabling stored XSS when an attacker (or authenticated admin) uploads a crafted SVG. Affected versions are: 4.x prior to 4.13.54; 5.0.x–5.3.x prior to 5.3.30; and 5.4.x and 5.5.x prior to 5.5.6....
CVE-2024-47604
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or JavaScript code in a victim's browser...
CVE-2024-47604 XSS vulnerability in NuGetGallery HTML attributes handling
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or JavaScript code in a victim's browser...
Updated gnome-shell packages fix security vulnerability
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
PT-2024-31971 · Webkul · Webkul Krayin Crm
Name of the Vulnerable Software and Affected Versions: Webkul Krayin CRM version 1.3.0. Description: A Stored Cross-Site Scripting (XSS) issue allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalatio...
CVE-2024-46367
CVE-2024-46367 describes a Stored XSS in Webkul Krayin CRM v1.3.0 where a malicious payload in the username field can execute JavaScript, potentially leading to privilege escalation within the CRM. The vulnerability is identified with a high/critical impact (CVSS v3.1: 9.6; Network attack, low co...
CVE-2024-46367
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...