Lucene search

4739 matches found

Cvelist
added 2024/08/21 4:5 p.m. | 19 views

CVE-2024-21690

This High severity Reflected XSS and CSRF Cross-Site Request Forgery vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF Cross-Site Request Forgery...

CVSS 7.1 | EPSS 0.00712
Exploits: 0 | References: 2
Cvelist
added 2024/08/21 12:0 a.m. | 30 views

CVE-2024-41572

Learning with Texts LWT 2.0.3 is vulnerable to Cross Site Scripting XSS. The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user...

EPSS 0.00285
Exploits: 0 | References: 1
CVE
added 2024/08/21 12:0 a.m. | 54 views

CVE-2024-41572

CVE-2024-41572 affects Learning with Texts (LWT) 2.0.3. The root cause is a function that does not filter special characters in URL parameters, enabling remote attackers to perform Cross Site Scripting (XSS). The vulnerability allows attackers to inject JavaScript, potentially stealing user crede...

CVSS 6.1 | AI score 6.4 | EPSS 0.00285
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2024/08/20 12:0 a.m. | 4 views

PT-2024-87: Reflected Cross-Site Scripting (XSS) in Netcat CMS (stats module)

The vulnerability was identified in Netcat stats module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...

CVSS 9.3 | AI score 7.8
Exploits: 0
Positive Technologies
added 2024/08/20 12:0 a.m. | 4 views

PT-2024-79: Reflected Cross-Site Scripting (XSS) in Netcat CMS (logging module)

The vulnerability was identified in Netcat logging module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...

CVSS 9.3 | AI score 7.8
Exploits: 0
Positive Technologies
added 2024/08/20 12:0 a.m. | 5 views

PT-2024-82: Reflected Cross-Site Scripting (XSS) in Netcat CMS (netshop module)

The vulnerability was identified in Netcat CMS netshop module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...

CVSS 9.3 | AI score 7.8
Exploits: 0
Positive Technologies
added 2024/08/20 12:0 a.m. | 5 views

PT-2024-92: Reflected Cross-Site Scripting (XSS) in Netcat CMS (filemanager module)

The vulnerability was identified in Netcat filemanager module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...

CVSS 9.3 | AI score 7.8
Exploits: 0
Positive Technologies
added 2024/08/20 12:0 a.m. | 7 views

PT-2024-80: Reflected Cross-Site Scripting (XSS) in Netcat CMS (comments module)

The vulnerability was identified in Netcat comments module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...

CVSS 9.3 | AI score 7.8
Exploits: 0
Positive Technologies
added 2024/08/20 12:0 a.m. | 5 views

PT-2024-85: Reflected Cross-Site Scripting (XSS) in Netcat CMS (netshop module)

The vulnerability was identified in Netcat CMS netshop module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...

CVSS 9.3 | AI score 7.8
Exploits: 0
NVD
added 2024/08/19 7:15 p.m. | 17 views

CVE-2024-23729

The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component...

CVSS 6.1 | EPSS 0.00399
Exploits: 1 | References: 2
NVD
added 2024/08/16 8:15 p.m. | 13 views

CVE-2024-43006

A stored cross-site scripting XSS vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/askedit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. Whe...

CVSS 5.4 | EPSS 0.00228
Exploits: 0 | References: 2
Veracode
added 2024/08/16 10:25 a.m. | 11 views

Cross-Site Scripting

gettext.js is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input sanitization in the parsing of .po dictionary definition files, allowing malicious code injection. Attackers can craft malicious .po files containing JavaScript code, which, when loaded and processed by...

CVSS 7.2 | AI score 7.5 | EPSS 0.0038
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/08/16 12:0 a.m. | 46 views

CVE-2024-43006

ZZCMS2023 contains a stored XSS in /user/ask_edit.php?action=add via the content parameter. When an attacker injects JavaScript in content and a user loads ask/show_{newsid}.html, the script runs in the user’s browser, potentially stealing cookies or session tokens. Affected component: ZZCMS2023,...

CVSS 5.4 | AI score 5.6 | EPSS 0.00228
Exploits: 0 | References: 2 | Affected Software: 1
Atlassian
added 2024/08/15 2:50 p.m. | 31 views

Reflected XSS and CSRF (Cross-Site Request Forgery) in Confluence Data Center and Server

This High severity Reflected XSS and CSRF Cross-Site Request Forgery vulnerability was introduced in versions 4.3 of Confluence Data Center and Server. This Reflected XSS and CSRF Cross-Site Request Forgery vulnerability, with a CVSS Score of 7.1, allows an unauthenticated attacker to execute...

CVSS 8.2 | AI score 6.9 | EPSS 0.00712
Exploits: 0
Vulnrichment
added 2024/08/14 9:12 p.m. | 26 views

CVE-2024-43368 Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...

CVSS 6.5 | AI score 6.3 | EPSS 0.00487
Exploits: 0 | References: 6
OSV
added 2024/08/14 6:11 p.m. | 20 views

GHSA-QM2Q-9F3Q-2VCV Trix has a cross-site Scripting vulnerability on copy & paste

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99. In https://github.com/basecamp/trix/pull/1149, we added sanitation for...

CVSS 6.5 | AI score 6 | EPSS 0.00487
Exploits: 0 | References: 9
BDU FSTEC
added 2024/08/14 12:0 a.m. | 14 views

The vulnerability of software for training employees in information security skills, such as Antiphish, arises from the lack of protection for website structures. This allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of software for training employees in information security skills is related to the lack of measures taken to protect website structures. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS by injecting malicious JavaScript code...

CVSS 7.5 | AI score 5.2
Exploits: 0 | Affected Software: 1
CVE
added 2024/08/13 11:3 a.m. | 45 views

CVE-2024-41774

IBM Common Licensing 9.0 is affected by CVE-2024-41774: stored cross-site scripting in the Web UI (LKS Administration Reporting Tool/Agent) that could allow a privileged user to inject JavaScript and potentially disclose credentials. Remediation: apply IBM_Common_Licensing_ICL_9.0.0.1 / update to...

CVSS 4.8 | AI score 5.8 | EPSS 0.00246
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/08/12 12:0 a.m. | 14 views

CVE-2024-27443

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...

EPSS 0.19668
Exploits: 0 | References: 2
Vulnrichment
added 2024/08/12 12:0 a.m. | 10 views

CVE-2024-33536

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading...

AI score 6.8 | EPSS 0.00246
Exploits: 0 | References: 2