Lucene search

4739 matches found

Cvelist
added 2024/08/12 12:0 a.m. | 16 views

CVE-2024-33536

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading...

EPSS 0.00246 | Exploits: 0 | References: 2

Cvelist
added 2024/08/12 12:0 a.m. | 17 views

CVE-2024-33533

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an...

EPSS 0.00264 | Exploits: 0 | References: 2

Redos
added 2024/08/12 12:0 a.m. | 21 views

ROS-20240812-02

A vulnerability in the GLPI plugin that allows the creation of custom Formcreator forms is related to the use of FULLFORM for rendering. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary JavaScript code...

CVSS 6.1 | AI score 7.7 | EPSS 0.00551 | Exploits: 1

CVE
added 2024/08/12 12:0 a.m. | 64 views

CVE-2024-33533

Vulnerability summary (CVE-2024-33533): In Zimbra Collaboration (ZCS) 9.0 and 10.0, the webmail admin interface is vulnerable to a reflected XSS due to inadequate input validation of the packages parameter. An authenticated attacker can upload a malicious JavaScript file and craft a URL with its...

CVSS 5.4 | AI score 5.5 | EPSS 0.00264 | Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/08/12 12:0 a.m. | 57 views

CVE-2024-33536

CVE-2024-33536 (Zimbra) affects Zimbra Collaboration Suite (ZCS) 9.0 and 10.0. The issue stems from inadequate input validation of the res parameter, enabling an authenticated attacker to inject and execute arbitrary JavaScript in another user’s browser session. Exploitation involves uploading a ...

CVSS 5.4 | AI score 6.8 | EPSS 0.00246 | Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2024/08/09 12:0 a.m. | 2 views

Mozilla Firefox Memory Misreference Vulnerability (CNVD-2024-35561)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A memory misreference vulnerability exists in versions prior to Mozilla Firefox 129, which stems from a mix-up in the instructions responsible for freeing memory in the JavaScript code coverage...

CVSS 9.8 | AI score 6.8 | EPSS 0.0036 | Exploits: 0 | References: 1

Github Security Blog
added 2024/08/05 9:29 p.m. | 7 views

Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner` and `pkg` parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patch...

CVSS 6.1 | AI score 6.1 | EPSS 0.00475 | Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/08/05 9:29 p.m. | 8 views

GHSA-XMHH-XRCC-MX36 Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner` and `pkg` parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patch...

CVSS 6.1 | AI score 6 | EPSS 0.00475 | Exploits: 1 | References: 4

Veracode
added 2024/08/05 5:50 a.m. | 12 views

Cross Site Scripting (XSS)

concrete5/concrete5 is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation in the Name input field within the file instances.php, allowing a rogue administrator to inject malicious JavaScript code...

CVSS 4.8 | AI score 6.2 | EPSS 0.00285 | Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2024/08/02 11:16 a.m. | 26 views

CVE-2024-7204

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...

CVSS 6.1 | EPSS 0.00313 | Exploits: 0 | References: 2

Cvelist
added 2024/08/02 10:31 a.m. | 21 views

CVE-2024-7204 Ai3 QbiBot - Stored XSS

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...

CVSS 6.1 | EPSS 0.00313 | Exploits: 0 | References: 2

Vulnrichment
added 2024/08/02 10:31 a.m. | 9 views

CVE-2024-7204 Ai3 QbiBot - Stored XSS

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...

CVSS 6.1 | AI score 6.2 | EPSS 0.00313 | Exploits: 0 | References: 2

CVE
added 2024/08/02 10:31 a.m. | 27 views

CVE-2024-7204

CVE-2024-7204 affects Ai3 QbiBot, where the chat input is not properly filtered. This allows an unauthenticated remote attacker to inject JavaScript into chat messages, which becomes a stored XSS when the recipient views the message. The vulnerability is described as a Stored XSS affecting the ch...

CVSS 6.1 | AI score 6.1 | EPSS 0.00313 | Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/07/31 3:15 p.m. | 66 views

CVE-2024-37900

XWiki Platform is affected by a cross-site scripting (XSS) vulnerability triggered by uploading an attachment with a malicious filename. Root cause: improper handling of attachment filenames during upload allows JavaScript execution in the uploader’s context. Affected versions: pre-14.10.21, pre-...

CVSS 6.4 | AI score 7.1 | EPSS 0.14803 | Exploits: 1 | References: 8 | Affected Software: 1

OSV
added 2024/07/31 3:15 p.m. | 21 views

CVE-2024-37900 XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a...

CVSS 6.4 | AI score 6.8 | EPSS 0.14803 | Exploits: 1 | References: 10

BDU FSTEC
added 2024/07/31 12:0 a.m. | 5 views

The vulnerability of the Archer Platform’s system for creating and managing business applications lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Archer Platform system for creating and managing business applications is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to execute arbitrary HTML or JavaScript code...

CVSS 7.1 | AI score 5.8 | EPSS 0.00285 | Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/07/29 1:0 p.m. | 20 views

CVE-2024-6124 Reflected XSS in Hubshare via Open Redirect

Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session...

CVSS 8.5 | AI score 6.7 | EPSS 0.0029 | Exploits: 0 | References: 2

CVE
added 2024/07/25 5:18 p.m. | 75 views

CVE-2024-28772

CVE-2024-28772 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, with a stored cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. The issue concerns the ability for an attacker to embe...

CVSS 6.8 | AI score 5.9 | EPSS 0.00267 | Exploits: 0 | References: 2 | Affected Software: 3

OSV
added 2024/07/23 3:31 p.m. | 105 views

GHSA-G3CH-RX76-35FX vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)

A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code...

CVSS 4.2 | AI score 5.2 | EPSS 0.00506 | Exploits: 0 | References: 3

NVD
added 2024/07/23 3:15 p.m. | 15 views

CVE-2024-6783

A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code...

CVSS 4.8 | EPSS 0.00506 | Exploits: 0 | References: 3