3107 matches found
CVE-2024-25701
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded could potentially...
CVE-2024-25691
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2024-38038 BUG-000165732 - Reflected XSS in Portal for ArcGIS
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2024-25691
Esri Portal for ArcGIS is affected by a reflected XSS in versions up to 11.1. A crafted link could cause arbitrary JavaScript execution in the victim’s browser. Affected versions include 10.8.1–11.1. Root cause is a cross-site scripting flaw in the portal’s handling of URL/link input. Practical i...
CVE-2024-38036 BUG-000154827 - Reflected XSS in ArcGIS Experience Builder
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2024-8149 BUG-000168624 - Unvalidated redirect in Portal for ArcGIS.
There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the upload functionality. An attacker can inject malicious scripts or execute arbitrary code by uploading a crafted PDF file containing JavaScript. Details: Cross-site scripting or XSS is a code vulnerability...
CVE-2024-45965
CVE-2024-45965 — Contao SVG upload XSS: The vulnerability affects Contao Core Bundle via SVG uploads, enabling stored XSS when an attacker (or authenticated admin) uploads a crafted SVG. Affected versions are: 4.x prior to 4.13.54; 5.0.x–5.3.x prior to 5.3.30; and 5.4.x and 5.5.x prior to 5.5.6....
CVE-2024-47604
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser...
CVE-2024-47604 XSS vulnerability in NuGetGallery HTML attributes handling
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser...
Updated gnome-shell packages fix security vulnerability
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
PT-2024-31971 · Webkul · Webkul Krayin Crm
Name of the Vulnerable Software and Affected Versions: Webkul Krayin CRM version 1.3.0. Description: A Stored Cross-Site Scripting (XSS) issue allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalatio...
CVE-2023-46948
A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components...
CVE-2024-8652 Netcat CMS: reflected cross-site scripting in openstat module
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply the patch from the vendor (https://netcat.ru/). Versions 6.4.0.24248 and o...
CVE-2024-8776 INTUMIT SmartRobot - Cross-site Scripting
SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks...
Atlassian Confluence 9.0.x < 9.0.1 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.26, 7.20.x prior to 8.5.14, 8.6.x prior to 8.9.5 or 9.0.x prior to 9.0.1. It is, therefore, affected by a reflected Cross-Site Scripting (XSS) and a CSRF Cross-Site Reques...
Atlassian Confluence < 7.19.26 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.26, 7.20.x prior to 8.5.14, 8.6.x prior to 8.9.5 or 9.0.x prior to 9.0.1. It is, therefore, affected by a reflected Cross-Site Scripting (XSS) and a CSRF Cross-Site Reques...
Atlassian Confluence 7.20.x < 8.5.14 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.26, 7.20.x prior to 8.5.14, 8.6.x prior to 8.9.5 or 9.0.x prior to 9.0.1. It is, therefore, affected by a reflected Cross-Site Scripting (XSS) and a CSRF Cross-Site Reques...