4739 matches found
CVE-2024-6485
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting XSS attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...
CVE-2024-6485
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting XSS attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...
CVE-2024-6485
CVE-2024-6485 is a Bootstrap XSS vulnerability in the button component’s data-loading-text attribute. Affected: Bootstrap 3.x (notably Bootstrap 3.x series); impact is cross-site scripting when the loading state is triggered. Mitigation: Debian LTS advisory indicates fixed in 3.4.1+dfsg-2+deb11u1...
CVE-2024-6485
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting XSS attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...
Unspecified Vulnerability in Apache NiFi (CNVD-2024-33176)
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi has a security vulnerability that stems from susceptibility to cross-site scripting attacks. An...
openSUSE Security Advisory (SUSE-SU-2024:2272-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross-Site Scripting (XSS)
org.apache.nifi, nifi-web-ui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the lack of proper validation/sanitization for the description field in the Parameter Context configuration, allowing arbitrary JavaScript code to be executed by the client browser within the sessi...
CVE-2024-37528 IBM Cloud Pak for Business Automation cross-site scripting
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web...
CVE-2024-29318
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting XSS via upload of a SVG file with embedded javascript code...
CVE-2024-29318
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting XSS via upload of a SVG file with embedded javascript code...
ROS-20240704-07
A vulnerability in the parseQuery function of the Webpack loader-utilss package is related to improperly controlled modification of object characteristic attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary JavaScript code Ansi-regex ANSI...
CVE-2024-6427
Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and...
CVE-2024-6427 Uncontrolled Resource Consumption vulnerability in MESbook
Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and...
CVE-2024-6427 Uncontrolled Resource Consumption vulnerability in MESbook
Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and...
CVE-2024-6427
MESbook is affected by CVE-2024-6427 via the message parameter in version 20221021.03, allowing an unauthenticated remote attacker to inject JavaScript payloads that cause the application to loop requests, leading to resource consumption and potential service disruption. Multiple connected source...
SUSE-SU-2024:2272-1 Security update for python-Js2Py
This update for python-Js2Py fixes the following issues: - CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code bsc1226660...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2024-30630)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server that stems from...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2024-37062)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...
CVE-2024-36993
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in...
CVE-2024-36997 Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a...