4739 matches found
CVE-2022-22402 IBM Aspera Faspex cross-site scripting
IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571...
CVE-2023-40397
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution...
CVE-2023-39514 Stored Cross-site Scripting on graphs.php data template formatted name view in Cacti
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...
CVE-2023-40577
CVE-2023-40577 affects Prometheus Alertmanager. The issue allows an attacker with POST permission on the /api/v1/alerts endpoint to cause arbitrary JavaScript execution in users of Alertmanager (stored XSS). The vulnerability is tied to the Alertmanager component handling incoming aler...
[SECURITY] [DLA 3538-1] zabbix security update
Debian LTS Advisory DLA-3538-1 https://www.debian.org/lts/security/ Tobias Frost August 22, 2023 https://wiki.debian.org/LTS Package: zabbix Version: 1:4.0.4+dfsg-1+deb10u2 CVE ID: CVE-2013-7484 CVE-2019-17382 CVE-2022-35229 CVE-2022-43515 CVE-2023-29450...
Debian: Security Advisory (DLA-3538-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Default credentials
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...
CVE-2023-2318
CVE-2023-2318 concerns MarkText up to version 0.17.1 where a DOM‑based XSS flaw in src/muya/lib/contentState/pasteCtrl.js can allow arbitrary JavaScript to run in the MarkText main window when pasting HTML copied from a malicious page. The vulnerability arises during HTML-to-Markdown conversion: ...
Cross-Site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability occurs because the library does not properly escape user input when rendering templates, allowing an authenticated attacker to inject malicious JavaScript code into a Cockpit page, which would then be executed...
LibreNMS Cross-Site Scripting Vulnerability (CNVD-2023-64109)
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A cross-site scripting vulnerability exists in LibreNMS versions prior to 23.8.0. The...
CVE-2023-22843
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule. Via stored...
New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3
Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension...
ASUS RT-AX88U Cross-Site Scripting Vulnerability (CNVD-2023-63441)
The ASUS RT-AX88U is a wireless router from Asus China. The ASUS RT-AX88U suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the Custom User Icons feature, which can be exploited by an attacker to perform a store...
Front Editor <= 4.3.5 - Admin+ Stored XSS
Description: The plugin does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Add a new form. 2. For the "Post Title", add...
CVE-2023-31928 - XSS vulnerability in Brocade Webtools
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools...
CVE-2023-38308
An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitra...