PT-2024-69: Cross-Site Scripting (XSS) in custom properties in PhpSpreadsheet

The vulnerability was identified in PhpSpreadsheet, versions = 3.0.0, = 2.0.0, = 2.2.0, = 3.0.0, = 2.0.0, = 2.2.0, = 2.3.4 to 2.3.5 or higher Additional information: Security advisory Researcher: Aleksey Solovev Positive Technologies...

Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx

Impact When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Patches The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.13 Workarounds Don't use data publication via toHTMLEx This vulnerability was discovered by Aleksey Solovev Positiv...

CVE-2024-56364

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13...

CVE-2024-56364 Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13...

Piranha CMS Cross-site Scripting vulnerability

A stored cross-site scripting XSS vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload...

CVE-2024-56358

grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are...

CVE-2024-55341

A stored cross-site scripting XSS vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload...

CVE-2024-55341

A stored cross-site scripting XSS vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload...

CVE-2024-55342

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS...

PT-2024-9963 · Unknown · Express Web Client

Name of the Vulnerable Software and Affected Versions: eXpress web client affected versions not specified Description: The issue is caused by insufficient protection of the web page structure in the document viewer library of the eXpress web client. This allows a remote attacker to execute...

CVE-2024-55341

CVE-2024-55341 is a stored XSS vulnerability in Piranha CMS 11.1 where an attacker can inject JavaScript by creating a page via /manager/pages and adding Markdown content. The issue originates from the /manager/pages Markdown content handling and can lead to arbitrary script execution in a user’s...

CVE-2024-55341

A stored cross-site scripting XSS vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload...

CVE-2024-9101

A reflected cross-site scripting XSS vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

CVE-2024-9101 phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php

A reflected cross-site scripting XSS vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

CVE-2024-9101

Summary of CVE-2024-9101 : A reflected XSS in phpLDAPadmin’s “Entry Chooser” affects versions 1.2.1 through 1.2.6.7. The vulnerability arises from unsafely passing the user-controlled parameter “element” into JavaScript eval, with exploitation limited to conditions where the window opener is corr...

CVE-2024-9101

A reflected cross-site scripting XSS vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

Cross-Site Scripting (XSS)

trix is vulnerable to cross-site scripting XSS. The vulnerability is due to improper sanitization of pasted malicious code, allowing attackers to execute arbitrary JavaScript in the user's session...

Cross Site Scripting

SimpleXLSX is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient input validation and sanitization in the toHTMLEx method, allowing the execution of arbitrary JavaScript code when processing Excel XLSx files...

CVE-2024-56173

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document...

CVE-2024-12641

TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use...