
4739 matches found

CVE
added 2024/07/23 3:5 p.m. · 119 views

CVE-2024-6783

CVE-2024-6783 affects Vue and is described in multiple sources as a prototype-pollution–driven XSS vulnerability that could allow an attacker to modify Object.prototype properties (e.g., staticClass/staticStyle) and execute arbitrary JavaScript. The available connected documents confirm the issue...

CVSS 4.8 · AI score 5.3 · EPSS 0.00506
Exploits 0 · References 3

OSV
added 2024/07/22 3:15 p.m. · 17 views

CVE-2024-32484

A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

CVSS 8.2 · AI score 6.4
Exploits 0 · References 2

NVD
added 2024/07/22 3:15 p.m. · 25 views

CVE-2024-32484

A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

CVSS 8.2 · EPSS 0.23919
Exploits 1 · References 2

Vulnrichment
added 2024/07/22 2:20 p.m. · 16 views

CVE-2024-32484

A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

CVSS 7.4 · AI score 6.6 · EPSS 0.23919
Exploits 1 · References 1

CVE
added 2024/07/22 2:20 p.m. · 70 views

CVE-2024-32484

Affected product: Ankitects Anki (entries reference Anki up to 25.02). The connected documents indicate CVE-2025-43703 describes an incomplete fix for CVE-2024-32484, resulting in attacker‑controlled access to the internal API via crafted decks/SRC attributes, effectively enabling scripted access...

CVSS 8.2 · AI score 7.4 · EPSS 0.23919
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2024/07/22 12:0 a.m. · 4 views

PT-2024-24608 · Ankitects +1 · Anki +1

Name of the Vulnerable Software and Affected Versions: Ankitects Anki version 24.04. Description: A reflected XSS issue exists in the handling of invalid paths in the Flask server. This can be triggered by a specially crafted flashcard, leading to JavaScript code execution and potentially resultin...

CVSS 8.2 · AI score 8 · EPSS 0.23919
Exploits 1 · References 16

CNVD
added 2024/07/18 12:0 a.m. · 6 views

IBM Rational ClearQuest Cross-Site Scripting Vulnerability (CNVD-2024-35116)

IBM Rational ClearQuest (IBM Rational CQ) is change management software from International Business Machines (IBM). It can help increase developer productivity while providing methods, processes, and tools that are best suited for project and team personnel. A cross-site scripting vulnerability...

CVSS 6.4 · AI score 6.1 · EPSS 0.00242
Exploits 0 · References 1

CNVD
added 2024/07/17 12:0 a.m. · 5 views

IBM Datacap Navigator Cross-Site Scripting Vulnerability

IBM Datacap Navigator is a Web client for Datacap from International Business Machines (IBM). IBM Datacap Navigator suffers from a cross-site scripting vulnerability that originates from allowing arbitrary JavaScript code to be embedded in the Web UI, which could alter the intended functionality an...

CVSS 6.4 · AI score 6.1 · EPSS 0.00321
Exploits 0 · References 1

CNVD
added 2024/07/17 12:0 a.m. · 6 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2024-33593)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server version 11.7,...

CVSS 5.4 · AI score 5.8 · EPSS 0.00231
Exploits 0 · References 1

NVD
added 2024/07/16 8:15 p.m. · 31 views

CVE-2024-21686

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to...

CVSS 8.7 · EPSS 0.0084
Exploits 0 · References 2

Positive Technologies
added 2024/07/16 12:0 a.m. · 6 views

PT-2024-5684 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS, affected versions not specified. Description: The issue exists due to inadequate protection of the web page structure in the netshop module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScript code...

CVSS 9 · AI score 7.6
Exploits 0 · References 2

Vulnrichment
added 2024/07/15 8:26 a.m. · 14 views

CVE-2024-6741 Openfind Mail2000 - HttpOnly flag bypass

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

CVSS 5.8 · AI score 7 · EPSS 0.00644
Exploits 1 · References 3

Cvelist
added 2024/07/15 8:26 a.m. · 31 views

CVE-2024-6741 Openfind Mail2000 - HttpOnly flag bypass

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

CVSS 5.8 · EPSS 0.00644
Exploits 1 · References 3

CVE
added 2024/07/15 8:26 a.m. · 70 views

CVE-2024-6741

Summary: Multiple sources describe a vulnerability in Openfind Mail2000 where the HttpOnly flag can be bypassed, enabling unauthenticated remote attackers to obtain the session cookie via crafted JavaScript. Affected product: Openfind Mail2000 (email web system). Technical details: Bypass of Http...

CVSS 5.8 · AI score 5.5 · EPSS 0.00644
Exploits 1 · References 3 · Affected Software 1

NVD
added 2024/07/15 8:15 a.m. · 17 views

CVE-2024-6740

Openfind's Mail2000 does not properly validate email attachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...

CVSS 6.1 · EPSS 0.00474
Exploits 1 · References 3

Vulnrichment
added 2024/07/15 8:0 a.m. · 31 views

CVE-2024-6740 Openfind Mail2000 - Stored XSS

Openfind's Mail2000 does not properly validate email attachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...

CVSS 6.1 · AI score 6.7 · EPSS 0.00474
Exploits 1 · References 3

Cvelist
added 2024/07/15 2:5 a.m. · 19 views

CVE-2024-39735 IBM Datacap Navigator cross-site scripting

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

CVSS 5.4 · EPSS 0.00286
Exploits 0 · References 2

CVE
added 2024/07/12 5:47 p.m. · 77 views

CVE-2024-40690

CVE-2024-40690 affects IBM InfoSphere Information Server 11.7. The issue is a cross-site scripting vulnerability in the Web UI that allows an authenticated user to embed arbitrary JavaScript, potentially altering functionality and disclosing credentials within a trusted session. The IBM security ...

CVSS 5.4 · AI score 5.2 · EPSS 0.00231
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/07/12 5:47 p.m. · 17 views

CVE-2024-40690 IBM InfoSphere Server cross-site scripting

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 29772...

CVSS 5.4 · EPSS 0.00231
Exploits 0 · References 2

Tenable Nessus
added 2024/07/12 12:0 a.m. · 31 views

RHEL 8 : nodejs (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552) - Maliciously crafted...

CVSS 7.5 · AI score 7.2 · EPSS 0.01302
Exploits 0 · References 4