
4739 matches found

NVD
added 2024/04/12 3:15 a.m. | 13 views

CVE-2023-45186

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

CVSS: 5.4 | AI score: 4.9 | EPSS: 0.00319
Exploits: 0 | References: 2

Cvelist
added 2024/04/12 2:28 a.m. | 18 views

CVE-2024-22357 IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00376
Exploits: 0 | References: 2

Vulnrichment
added 2024/04/10 5:8 p.m. | 10 views

CVE-2024-1602 Stored XSS leading to RCE in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00724
Exploits: 1 | References: 1

CVE
added 2024/04/10 5:8 p.m. | 82 views

CVE-2024-1602

CVE-2024-1602 affects parisneo/lollms-webui, with a stored XSS that leads to Remote Code Execution. Attacker can exploit inadequate sanitization/validation of model output data to inject JavaScript that runs in the user’s browser and can trigger a request to /execute_code to establish a reverse s...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00724
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2024/04/09 1:15 p.m. | 8 views

CVE-2024-31544

A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrowername”, “facultydepartment” parameters in /classes/Master.php?f=saverecord...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00443
Exploits: 1 | References: 1

Vulnrichment
added 2024/04/09 12:0 a.m. | 6 views

CVE-2024-31544

A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrowername”, “facultydepartment” parameters in /classes/Master.php?f=saverecord...

AI score: 5.8 | EPSS: 0.00443
Exploits: 1 | References: 1

CVE
added 2024/04/04 5:55 p.m. | 86 views

CVE-2024-25705

CVE-2024-25705 describes a cross-site scripting issue in Esri Portal for ArcGIS Experience Builder versions 11.1 and below. The CVE record states exploitation requires basic authenticated access (low-privilege), while a PT-Security entry notes a remote, unauthenticated attacker scenario; there is...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.0047
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/04/04 5:55 p.m. | 79 views

CVE-2024-25703

CVE-2024-25703 is rejected/not used; this entry does not represent an active vulnerability.

AI score: 6.8
Exploits: 0

Cvelist
added 2024/04/04 5:54 p.m. | 22 views

CVE-2024-25698 Reflected XSS in Portal for ArcGIS

There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00425
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/04 5:54 p.m. | 18 views

CVE-2024-25698 Reflected XSS in Portal for ArcGIS

There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the...

CVSS: 6.1 | AI score: 6.7 | EPSS: 0.00425
Exploits: 0 | References: 1

CVE
added 2024/04/04 5:52 p.m. | 86 views

CVE-2024-25708

Esri Portal for ArcGIS Enterprise Web App Builder (versions 10.9.1 and below) is affected by a stored Cross-site Scripting vulnerability. The issue allows a remote, authenticated attacker to create a crafted link that, when clicked, could execute arbitrary JavaScript in the victim’s browser. The ...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.00373
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/04/04 7:15 a.m. | 8 views

CVE-2023-25199

A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00344
Exploits: 0 | References: 1

Cvelist
added 2024/04/04 12:0 a.m. | 10 views

CVE-2023-25199

A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser...

AI score: 5.8 | EPSS: 0.00344
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/04 12:0 a.m. | 12 views

CVE-2023-25199

A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser...

AI score: 5.8 | EPSS: 0.00432
Exploits: 0 | References: 1

OSV
added 2024/04/03 4:15 p.m. | 1 views

CVE-2024-31393

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS 124...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00329
Exploits: 0 | References: 2

Veracode
added 2024/04/03 12:39 p.m. | 18 views

Cross Site Scripting (XSS)

francoisjacquet/rosariosis is vulnerable to Cross Site Scripting. The vulnerability is due to improper handling of input in the component Add Portal Note, leading to the execution of arbitrary JavaScript code...

CVSS: 3.5 | AI score: 7.2 | EPSS: 0.0047
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/03/29 3:0 p.m. | 17 views

CVE-2024-29890 Remote code execution in datalens-ui

DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem w...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.00783
Exploits: 0 | References: 1

OSV
added 2024/03/29 3:0 p.m. | 2 views

CVE-2024-29890 Remote code execution in datalens-ui

DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem w...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00783
Exploits: 0 | References: 3

CVE
added 2024/03/29 3:0 p.m. | 85 views

CVE-2024-29890

CVE-2024-29890 affects DataLens/DataLens UI components, with a vulnerability in datalens-ui prior to version 0.1449.0. A specially crafted request can create a chart type that passes custom JavaScript, which then executes in an unprotected sandbox on subsequent chart requests. The issue has a kno...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00783
Exploits: 0 | References: 1

NVD
added 2024/03/28 9:16 p.m. | 8 views

CVE-2024-23727

The YI Smart Kami Vision com.kamivision.yismart application through 1.0.020231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVSS: 8.4 | AI score: 7.4 | EPSS: 0.00513
Exploits: 0 | References: 1