CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore
A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...
CVE-2021-3741 Stored Cross-site Scripting (XSS) in chatwoot/chatwoot
A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom...
CVE-2024-11182 Stored XSS vulnerability in MDaemon Email Server
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2024-50655
emlog pro =2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles...
CVE-2024-50655
CVE-2024-50655 affects emlog pro versions
CVE-2024-5125 XSS and Open Redirect via SVG File Upload in parisneo/lollms-webui
parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...
CVE-2024-45099 IBM Security ReaQta cross-site scripting
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session...
CVE-2024-45879
The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting (XSS). To exploit the persistent XSS vulnerability, an attacker has to be authenticated to...
CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions, the Merge functionality takes an untrusted user-supplied file name and uses it directly in the creation of HTML pages, allowing any unauthenticated user to execute JavaScript code...
CVE-2024-45088 IBM Maximo Asset Management cross-site scripting
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session...
CVE-2024-11021 Grand Vice info Webopac - Stored XSS
Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser...
CVE-2024-11019
CVE-2024-11019 affects Webopac from Grand Vice info. The connected documents describe a Reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to execute arbitrary JavaScript in a user’s browser via phishing techniques. CVSSv3.1 base score 6.1 (Medium) with Netw...
Cross-Site Scripting (XSS)
org.apache.nifi,nifi-web-ui is vulnerable to cross-site scripting (XSS). The vulnerability is due to insufficient input validation on the description field for Parameters in the Parameter Context configuration, allowing an authenticated user to insert arbitrary JavaScript code, which the client...
IBM CICS TX Standard Web UI Cross-Site Scripting Vulnerability
IBM CICS TX Standard is a comprehensive single transaction runtime package from International Business Machines (IBM), Inc. It can provide a cloud-native deployment model for standalone applications. A cross-site scripting vulnerability exists in IBM CICS TX Standard version 11.1, which stems from...
Exploit for Cross-site Scripting in Roundcube Webmail
Exploit Title: Roundcube mail server exploit for CVE-2024-373...
CVE-2024-41745
CVE-2024-41745 affects IBM CICS TX Standard Web UI with a cross-site scripting (XSS) vulnerability. An unauthenticated attacker can embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM-issued guidance indicates the vulnerability is ...
CVE-2024-41745 IBM CICS TX Standard cross-site scripting
IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session...
CVE-2024-10652
CVE-2024-10652 affects CHANGING Information Technology’s IDExpert product. The vulnerability arises from improper validation of a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavaScript by performing a Reflected XSS. Affected versions are referenced ...
CVE-2024-47880 OpenRefine has a reflected cross-site scripting vulnerability from POST request in ExportRowsCommand
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...