CVE-2024-35432

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting XSS via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting...

CVE-2024-5520

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the “title” field...

CVE-2024-5521 Cross-Site Scripting stored in Alkacon OpenCMS

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be...

CVE-2024-5521

The CVE-2024-5521 entry describes stored Cross-Site Scripting in Alkacon OpenCMS 16 via SVG file uploads. The root cause is improper validation of .svg images, which, when uploaded by users with gallery editor or VFS resource manager roles, allows JavaScript in the SVG to execute when another use...

CVE-2024-5520 Cross-Site Scripting stored in Alkacon OpenCMS

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the “title” field...

CVE-2024-5520 Cross-Site Scripting stored in Alkacon OpenCMS

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the “title” field...

Ubuntu: Security Advisory (USN-6779-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-25976

When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...

CVE-2024-25976

When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...

CVE-2024-25976 Reflected Cross-Site-Scripting (XSS)

When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...

CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...

Cross Site Scripting(XSS)

vxe-table is vulnerable to Cross Site Scripting XSS. The vulnerability is due to inadequate sanitization of user-supplied input within the inputValue argument of the export function in the vxe-textarea component. It allows malicious actors to execute arbitrary JavaScript code within the context o...

GNOME Shell 安全漏洞

GNOME Shell is a shell from the GNOME Project that provides core user interface functionality for the GNOME desktop such as switching windows, launching applications or viewing notifications. A security vulnerability exists in GNOME Shell 45.7 and earlier versions, which stems from allowing the...

Cross-site Scripting(XSS)

silverstripe/framework is vulnerable to Cross-site Scripting XSS. The vulnerability is caused due to the lack of proper sanitization or encoding of user-input data when it is displayed in TreeDropdownField and TreeMultiSelectField, which allows an attacker to execute malicious JavaScript code...

CVE-2023-47710 IBM Security Guardium cross-site scripting

IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 27152...

CVE-2024-31974

The com.solarized.firedown aka Solarized FireDown Browser & Downloader application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately...

CVE-2024-31974

The CVE-2024-31974 entry concerns com.solarized.firedown (Solarized FireDown Browser & Downloader) for Android 1.0.76. Exploitation arises because com.solarized.firedown.IntentActivity uses a WebView to display web content and does not adequately sanitize the URI or extra data passed in an intent...

GitLab 13.9 < 14.0.9 / 14.1 < 14.1.4 / 14.2 < 14.2.2 (CVE-2021-22261)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting fr...

CVE-2024-32733 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify...

NocoDB Allows Preview of Files with Dangerous Content

Summary --- Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSSCross-Site Script attack. PoC --- NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 currentl...