
4739 matches found

Tenable Nessus
added 2024/02/09 12:0 a.m. | 93 views

CKEditor 4.x < 4.24.0-lts Multiple XSS

The version of CKEditor included on the remote web host is 4.x prior to 4.24.0-lts. It may, therefore, be affected by multiple cross-site scripting (XSS) vulnerabilities. - A cross-site scripting vulnerability affecting editor instances that enabled full-page editing mode or enabled CDATA elements ...

CVSS 6.1 | AI score 6.7 | EPSS 0.01652
Exploits: 0 | References: 5

Veracode
added 2024/02/08 5:3 a.m. | 22 views

Cross-site Scripting (XSS)

CKEditor4 is vulnerable to Cross-site Scripting. The vulnerability is due to editor instances that have enabled full-page editing mode or enabled CDATA elements in the Advanced Content Filtering configuration which defaults to script and style elements. This flaw allows an attacker to inject...

CVSS 6.1 | AI score 6.5 | EPSS 0.00706
Exploits: 0 | References: 6 | Affected Software: 1

Github Security Blog
added 2024/02/07 5:30 p.m. | 174 views

CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection

Affected packages The vulnerability has been discovered in the core HTML parsing module and may affect all editor instances that: Enabled full-page editing mode, or enabled CDATA elements in Advanced Content Filtering configuration defaults to script and style elements. Impact A potential...

CVSS 6.1 | AI score 6.5 | EPSS 0.00706
Exploits: 0 | References: 8 | Affected Software: 2

Vulnrichment
added 2024/02/07 4:58 p.m. | 20 views

CVE-2024-24816 Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

CVSS 6.1 | AI score 5.9 | EPSS 0.01652
Exploits: 0 | References: 3

Cvelist
added 2024/02/07 4:58 p.m. | 28 views

CVE-2024-24816 Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

CVSS 6.1 | AI score 6.3 | EPSS 0.01652
Exploits: 0 | References: 3

NVD
added 2024/02/07 4:15 p.m. | 20 views

CVE-2024-24815

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

CVSS 6.1 | AI score 6.1 | EPSS 0.00706
Exploits: 0 | References: 6

Debian CVE
added 2024/02/07 3:14 p.m. | 16 views

CVE-2024-24815

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

CVSS 6.1 | AI score 6.3 | EPSS 0.00706
Exploits: 0

Prion
added 2024/02/05 6:15 p.m. | 27 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...

CVSS 5.8 | AI score 6.7 | EPSS 0.00368
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/02/05 5:33 p.m. | 17 views

CVE-2023-6028 SDM Web interface vulnerable to XSS

A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...

CVSS 6.1 | AI score 6.2 | EPSS 0.00368
Exploits: 0 | References: 1

Vulnrichment
added 2024/02/04 12:11 a.m. | 9 views

CVE-2023-50947 IBM Business Automation Workflow cross-site scripting

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4 | AI score 6 | EPSS 0.00414
Exploits: 0 | References: 3

Cvelist
added 2024/02/02 8:7 p.m. | 22 views

CVE-2023-37531 A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access...

CVSS 3.3 | AI score 5.4 | EPSS 0.00359
Exploits: 0 | References: 1

Cvelist
added 2024/02/02 6:10 p.m. | 25 views

CVE-2023-37527 A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform

A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page...

CVSS 5.4 | AI score 6.7 | EPSS 0.00356
Exploits: 0 | References: 1

Cvelist
added 2024/02/02 3:8 a.m. | 22 views

CVE-2022-40744 IBM Aspera Faspex cross-site scripting

IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441...

CVSS 4.8 | AI score 5.3 | EPSS 0.00319
Exploits: 0 | References: 2

Github Security Blog
added 2024/01/24 2:21 p.m. | 27 views

Cross-site Scripting Vulnerability on Data Import

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.10.1 and was tested on version 1.9.2.post0. Overview Label Studio had a remote import feature that allowed users to...

CVSS 6.1 | AI score 7.1 | EPSS 0.00592
Exploits: 0 | References: 7 | Affected Software: 1

Github Security Blog
added 2024/01/24 2:21 p.m. | 26 views

Cross-site Scripting Vulnerability on Avatar Upload

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.9.2 and was tested on version 1.8.2. Overview Label Studio has a cross-site scripting (XSS) vulnerability that coul...

CVSS 7.1 | AI score 5.9 | EPSS 0.01448
Exploits: 1 | References: 8 | Affected Software: 1

Veracode
added 2024/01/24 8:32 a.m. | 14 views

Cross-site Scripting (XSS)

JFinalcms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a lack of parameter sanitization which allows attackers to run arbitrary JavaScript code via the /admin/login username parameter...

CVSS 6.1 | AI score 6.6 | EPSS 0.00435
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/01/23 11:15 p.m. | 26 views

CVE-2024-23633 Label Studio XSS Vulnerability on Data Import

Label Studio, an open source data labeling tool, had a remote import feature that allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could have been abused to download an HTML file that executed malicious...

CVSS 4.7 | AI score 6.9 | EPSS 0.00592
Exploits: 0 | References: 4

NVD
added 2024/01/23 8:15 p.m. | 14 views

CVE-2023-7238

An XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser...

CVSS 7.1 | AI score 6.8 | EPSS 0.00308
Exploits: 0 | References: 1

Veracode
added 2024/01/23 5:14 a.m. | 11 views

Cross-Site Scripting (XSS)

MolecularFaces is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused due to improper handling of user input within the viewer plugin implementation of . This allows an attacker to inject arbitrary JavaScript code into the client browser by crafting malicious molfiles...

CVSS 6.1 | AI score 6.4 | EPSS 0.00566
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2024/01/19 2:15 p.m. | 15 views

CVE-2024-22876

StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL...

CVSS 5.4 | AI score 5.3 | EPSS 0.00289
Exploits: 0 | References: 1