Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUXCONSOLE , said it likely starts with a phishing email link or...

CVE-2024-47117

IBM Carbon Design System Carbon Charts 0.4.0 through 1.13.16 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVE-2024-47117

The CVE-2024-47117 entry concerns IBM Carbon Design System (Carbon Charts) with versions 0.4.0–1.13.16 affected by cross-site scripting. The root cause is improper handling/sanitization of user-provided HTML, enabling an authenticated user to embed arbitrary JavaScript in the Web UI, potentially ...

CVE-2024-47117 IBM Carbon Design System cross-site scripting

IBM Carbon Design System Carbon Charts 0.4.0 through 1.13.16 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVE-2024-47117 IBM Carbon Design System cross-site scripting

IBM Carbon Design System Carbon Charts 0.4.0 through 1.13.16 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

U.S. Dept Of Defense: XSS vulnerability found in javascript code of https://███.mil

The XSS vulnerability was found in the JavaScript code of the website https://███.mil. The parameter "code" was not sufficiently sanitized, allowing the injection of malicious code. This vulnerability could have been exploited to execute arbitrary scripts in the context of the affected website...

PT-2024-54: Reflected Cross-Site Scripting (Reflected XSS) in Moodle

The vulnerability was identified in Moodle versions 4.5; 4.4 - 4.4.4; 4.3 - 4.3.8. The discovered vulnerability, which exists due to a lack of filtering during course editing, can be exploited by an attacker to embed an arbitrary JavaScript code into the body of a page. Vulnerability status:...

CVE-2024-47107

IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-47107 IBM QRadar SIEM cross-site scripting

IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-47107

IBM QRadar SIEM 7.5 is affected by CVE-2024-47107, a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript into the Web UI, potentially leading to credential disclosure within a trusted session. The CVSS base score is 6.4 (Vector: CVSS:3.1/AV:N/A...

CVE-2024-11990 Cross-Site Scripting (XSS) en SurgeMail de NetWin

A Cross-Site Scripting XSS vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters...

CVE-2024-11990 Cross-Site Scripting (XSS) en SurgeMail de NetWin

A Cross-Site Scripting XSS vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters...

CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...

SEH utnserver Pro 20.1.22 Cross Site Scripting

St. Pölten UAS 20241118-0 ------------------------------------------------------------------------------- title| Multiple Stored Cross-Site Scripting product| SEH utnserver Pro vulnerable version| 20.1.22 fixed version| 20.1.35 CVE number| CVE-2024-11304 impact| High homepage|...

CVE-2024-45513

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A stored Cross-Site Scripting XSS vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a...

LibreNMS has a stored XSS in ExamplePlugin with Device's Notes

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the...

GHSA-C86Q-RJ37-8F85 LibreNMS has a stored XSS in ExamplePlugin with Device's Notes

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the...

CVE-2024-41785 IBM Concert cross-site scripting

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2021-3988

A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVE-2021-3741

A stored cross-site scripting XSS vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom...