3107 matches found

Vulnrichment
added 2024/07/15 8:26 a.m., 14 views

CVE-2024-6741 Openfind Mail2000 - HttpOnly flag bypass

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

CVSS 5.8 | AI score 7 | EPSS 0.00175
Exploits: 1 | References: 3

CVE
added 2024/07/15 8:26 a.m., 70 views

CVE-2024-6741

Summary: Multiple sources describe a vulnerability in Openfind Mail2000 where the HttpOnly flag can be bypassed, enabling unauthenticated remote attackers to obtain the session cookie via crafted JavaScript. Affected product: Openfind Mail2000 (email web system). Technical details: Bypass of Http...

CVSS 5.8 | AI score 5.5 | EPSS 0.00175
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2024/07/15 8:15 a.m., 15 views

CVE-2024-6740

Openfind's Mail2000 does not properly validate email attachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...

CVSS 6.1 | EPSS 0.00379
Exploits: 1 | References: 3

Vulnrichment
added 2024/07/15 8:0 a.m., 31 views

CVE-2024-6740 Openfind Mail2000 - Stored XSS

Openfind's Mail2000 does not properly validate email attachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...

CVSS 6.1 | AI score 6.7 | EPSS 0.00379
Exploits: 1 | References: 3

Cvelist
added 2024/07/15 2:5 a.m., 17 views

CVE-2024-39735 IBM Datacap Navigator cross-site scripting

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

CVSS 5.4 | EPSS 0.00423
Exploits: 0 | References: 2

Cvelist
added 2024/07/12 5:47 p.m., 14 views

CVE-2024-40690 IBM InfoSphere Server cross-site scripting

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 29772...

CVSS 5.4 | EPSS 0.0031
Exploits: 0 | References: 2

CVE
added 2024/07/12 5:47 p.m., 76 views

CVE-2024-40690

CVE-2024-40690 affects IBM InfoSphere Information Server 11.7. The issue is a cross-site scripting vulnerability in the Web UI that allows an authenticated user to embed arbitrary JavaScript, potentially altering functionality and disclosing credentials within a trusted session. The IBM security ...

CVSS 5.4 | AI score 5.2 | EPSS 0.0031
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2024/07/12 12:0 a.m., 31 views

RHEL 8 : nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: integrity checks according to policies can be circumvented CVE-2023-38552 - Maliciously crafted...

CVSS 7.5 | AI score 7.2 | EPSS 0.01239
Exploits: 0 | References: 4

NVD
added 2024/07/11 5:15 p.m., 18 views

CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4 | EPSS 0.00135
Exploits: 0 | References: 2

OSV
added 2024/07/11 5:15 p.m., 11 views

CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4 | AI score 6 | EPSS 0.00135
Exploits: 0 | References: 1

CVE
added 2024/07/11 5:8 p.m., 134 views

CVE-2024-6485

CVE-2024-6485 is a Bootstrap XSS vulnerability in the button component’s data-loading-text attribute. Affected: Bootstrap 3.x (notably Bootstrap 3.x series); impact is cross-site scripting when the loading state is triggered. Mitigation: Debian LTS advisory indicates fixed in 3.4.1+dfsg-2+deb11u1...

CVSS 6.4 | AI score 6 | EPSS 0.00135
Exploits: 0 | References: 2

Debian CVE
added 2024/07/11 5:8 p.m., 11 views

CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4 | AI score 6.6 | EPSS 0.00135
Exploits: 0

Veracode
added 2024/07/09 6:16 a.m., 16 views

Cross-Site Scripting (XSS)

org.apache.nifi, nifi-web-ui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the lack of proper validation/sanitization for the description field in the Parameter Context configuration, allowing arbitrary JavaScript code to be executed by the client browser within the sessi...

CVSS 5.4 | AI score 6.2 | EPSS 0.01708
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2024/07/08 2:21 a.m., 22 views

CVE-2024-37528 IBM Cloud Pak for Business Automation cross-site scripting

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web...

CVSS 4.8 | EPSS 0.0011
Exploits: 0 | References: 2

NVD
added 2024/07/05 4:15 p.m., 16 views

CVE-2024-29318

Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via upload of an SVG file with embedded JavaScript code...

CVSS 5.4 | EPSS 0.00169
Exploits: 1 | References: 1

Redos
added 2024/07/04 12:0 a.m., 36 views

ROS-20240704-07

A vulnerability in the parseQuery function of the Webpack loader-utils package is related to improperly controlled modification of object characteristic attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary JavaScript code Ansi-regex ANSI...

CVSS 9.8 | AI score 8.2 | EPSS 0.18844
Exploits: 8

NVD
added 2024/07/03 12:15 p.m., 15 views

CVE-2024-6427

Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and...

CVSS 7.5 | EPSS 0.0062
Exploits: 0 | References: 1

Cvelist
added 2024/07/03 11:53 a.m., 17 views

CVE-2024-6427 Uncontrolled Resource Consumption vulnerability in MESbook

Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and...

CVSS 7.5 | EPSS 0.0062
Exploits: 0 | References: 1

CVE
added 2024/07/03 11:53 a.m., 44 views

CVE-2024-6427

MESbook is affected by CVE-2024-6427 via the message parameter in version 20221021.03, allowing an unauthenticated remote attacker to inject JavaScript payloads that cause the application to loop requests, leading to resource consumption and potential service disruption. Multiple connected source...

CVSS 7.5 | AI score 7.5 | EPSS 0.0062
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/07/03 11:53 a.m., 10 views

CVE-2024-6427 Uncontrolled Resource Consumption vulnerability in MESbook

Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and...

CVSS 7.5 | AI score 7 | EPSS 0.0062
Exploits: 0 | References: 1