Lucene search

3107 matches found

Cvelist
added 2024/08/12 12:00 a.m. · 15 views

CVE-2024-33533

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an...

0.00223 EPSS
Exploits 0 · References 2

Redos
added 2024/08/12 12:00 a.m. · 21 views

ROS-20240812-02

A vulnerability in the GLPI plugin that allows the creation of custom Formcreator forms is related to the use of FULLFORM for rendering. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary JavaScript code...

6.1 CVSS · 7.7 AI score · 0.00446 EPSS
Exploits 1

Github Security Blog
added 2024/08/05 9:29 p.m. · 7 views

Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the 'owner' and 'pkg' parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patch...

6.1 CVSS · 6.1 AI score · 0.00219 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2024/08/05 9:29 p.m. · 8 views

GHSA-XMHH-XRCC-MX36 Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the 'owner' and 'pkg' parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patch...

6.1 CVSS · 6 AI score · 0.00219 EPSS
Exploits 1 · References 4

Veracode
added 2024/08/05 5:50 a.m. · 12 views

Cross Site Scripting (XSS)

concrete5/concrete5 is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation in the Name input field within the file instances.php, allowing a rogue administrator to inject malicious JavaScript code...

4.8 CVSS · 6.2 AI score · 0.00385 EPSS
Exploits 0 · References 4 · Affected Software 1

NVD
added 2024/08/02 11:16 a.m. · 26 views

CVE-2024-7204

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...

6.1 CVSS · 0.00321 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/08/02 10:31 a.m. · 9 views

CVE-2024-7204 Ai3 QbiBot - Stored XSS

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...

6.1 CVSS · 6.2 AI score · 0.00321 EPSS
Exploits 0 · References 2

Cvelist
added 2024/08/02 10:31 a.m. · 21 views

CVE-2024-7204 Ai3 QbiBot - Stored XSS

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...

6.1 CVSS · 0.00321 EPSS
Exploits 0 · References 2

CVE
added 2024/08/02 10:31 a.m. · 26 views

CVE-2024-7204

CVE-2024-7204 affects Ai3 QbiBot, where the chat input is not properly filtered. This allows an unauthenticated remote attacker to inject JavaScript into chat messages, which becomes a stored XSS when the recipient views the message. The vulnerability is described as a Stored XSS affecting the ch...

6.1 CVSS · 6.1 AI score · 0.00321 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2024/07/31 3:15 p.m. · 66 views

CVE-2024-37900

XWiki Platform is affected by a cross-site scripting (XSS) vulnerability triggered by uploading an attachment with a malicious filename. Root cause: improper handling of attachment filenames during upload allows JavaScript execution in the uploader’s context. Affected versions: pre-14.10.21, pre-...

6.4 CVSS · 7.1 AI score · 0.05326 EPSS
Exploits 1 · References 8 · Affected Software 1

OSV
added 2024/07/31 3:15 p.m. · 20 views

CVE-2024-37900 XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a...

6.4 CVSS · 6.8 AI score · 0.05326 EPSS
Exploits 1 · References 10

BDU FSTEC
added 2024/07/31 12:00 a.m. · 4 views

The vulnerability of the Archer Platform’s system for creating and managing business applications lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Archer Platform system for creating and managing business applications is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to execute arbitrary HTML or JavaScript code...

7.1 CVSS · 5.8 AI score · 0.00382 EPSS
Exploits 0 · References 4 · Affected Software 1

CVE
added 2024/07/25 5:18 p.m. · 74 views

CVE-2024-28772

CVE-2024-28772 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, with a stored cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. The issue concerns the ability for an attacker to embe...

6.8 CVSS · 5.9 AI score · 0.0026 EPSS
Exploits 0 · References 2 · Affected Software 3

OSV
added 2024/07/23 3:31 p.m. · 105 views

GHSA-G3CH-RX76-35FX vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)

A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code...

4.2 CVSS · 5.2 AI score · 0.00308 EPSS
Exploits 0 · References 3

NVD
added 2024/07/23 3:15 p.m. · 15 views

CVE-2024-6783

A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code...

4.8 CVSS · 0.00308 EPSS
Exploits 0 · References 3

CNVD
added 2024/07/18 12:00 a.m. · 6 views

IBM Rational ClearQuest Cross-Site Scripting Vulnerability (CNVD-2024-35116)

IBM Rational ClearQuest (IBM Rational CQ) is a change management software from International Business Machines (IBM). It can help increase developer productivity while providing methods, processes, and tools that are best suited for project and team personnel. A cross-site scripting vulnerability...

6.4 CVSS · 6.1 AI score · 0.00141 EPSS
Exploits 0 · References 1

CNVD
added 2024/07/17 12:00 a.m. · 6 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2024-33593)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server version 11.7,...

5.4 CVSS · 5.8 AI score · 0.0031 EPSS
Exploits 0 · References 1

NVD
added 2024/07/16 8:15 p.m. · 29 views

CVE-2024-21686

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to...

8.7 CVSS · 0.02571 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/07/16 12:00 a.m. · 4 views

PT-2024-5684 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS (affected versions not specified). Description: The issue exists due to inadequate protection of the web page structure in the netshop module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScript code...

9 CVSS · 7.6 AI score
Exploits 0 · References 2

Cvelist
added 2024/07/15 8:26 a.m. · 22 views

CVE-2024-6741 Openfind Mail2000 - HttpOnly flag bypass

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

5.8 CVSS · 0.00175 EPSS
Exploits 1 · References 3