5912 matches found
Video Developers com.video.downloader.all 安全漏洞
Video Developers com.video.downloader.all Video Developers All Video Downloader is a video downloader from Video Developers, Inc. A security vulnerability exists in version 11.28 and earlier of com.video.downloader.all All Video Downloader. An attacker can exploit this vulnerability to execute...
CVE-2024-46964
The com.video.downloader.all aka All Video Downloader application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component...
CVE-2024-46965
The DS allvideo.downloader.browser aka Fast Video Downloader: Browser application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component...
Super Unlimited com.superfast.video.downloader 安全漏洞
Super Unlimited com.superfast.video.downloader Super Unlimited Video Downloader is a video downloader from Super Unlimited, Inc. A security vulnerability exists in com.superfast.video.downloader Super Unlimited Video Downloader - All in One version 5.1.9 and earlier. An attacker can exploit this...
CVE-2024-52000 Reflected Cross-site Scripting exploit in Combodo iTop
Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting XSS exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic...
CVE-2024-46960
The ASD com.rocks.video.downloader aka HD Video Downloader All Format application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component...
PT-2024-32301 · Unknown · Com.Rocks.Video.Downloader
Name of the Vulnerable Software and Affected Versions: com.rocks.video.downloader aka HD Video Downloader All Format versions 7.0.129 and earlier Description: The issue allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. This c...
CVE-2024-46961
The Inshot com.downloader.privatebrowser aka Video Downloader - XDownloader application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component...
CVE-2024-46960
The ASD com.rocks.video.downloader aka HD Video Downloader All Format application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component...
Basecamp: Mutation Based Stored XSS on Trix Editor version latest (2.1.8)
A vulnerability was discovered in the Trix Editor version 2.1.8 where a mutation-based stored cross-site scripting XSS attack was possible. The vulnerability could be exploited by crafting a malicious payload that, when copied and pasted into the editor, would trigger the execution of arbitrary...
CVE-2024-48059
CVE-2024-48059 affects gaizhenbiao/chuanhuchatgpt up to version 20240802, vulnerable to stored XSS in WebSocket session transmissions. An attacker can inject malicious content into a WebSocket message, with execution of injected script in a victim’s browser when the session is accessed. The root ...
PT-2024-34154
Name of the Vulnerable Software and Affected Versions: I, Librarian versions prior to 5.11.2 Description: The issue arises from a broken logic in handling Supplemental Files, allowing unsafe files with Javascript to be executed within the application context. An attacker can exploit this by...
CVE-2024-31972
CVE-2024-31972 affects EnGenius ESR580 A8J-EMR5000 devices, enabling a remote attacker to perform stored XSS via the Wi‑Fi SSID input fields. The vulnerability leads to arbitrary JavaScript execution within the user’s admin session when loading the login page, specifically impacting the endpoints...
PT-2024-29708 · Unknown · Acr.Browser.Lightning +1
Name of the Vulnerable Software and Affected Versions: com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader version 20-30.05.24 Description: The issue allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity...
The vulnerability of the iframe plugin in the JetBrains YouTrack software environment allows a hacker to execute arbitrary JavaScript code and unauthorized API calls.
The vulnerability of the iframe plugin in the JetBrains YouTrack software environment relates to insufficient verification of the connection source. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code and make unauthorized API requests...
webkitgtk: arbitrary javascript code execution
A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution...
CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...
PT-2025-17573
Name of the Vulnerable Software and Affected Versions Jmix versions 1.0.0 through 1.6.1 Jmix versions 2.0.0 through 2.3.4 Description The issue affects Jmix, a set of libraries and tools for Spring Boot data-centric application development. It allows manipulation of the input parameter, which...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
CVE-2024-49579
JetBrains YouTrack prior to 2024.3.47197 is affected by CVE-2024-49579 due to insufficient validation of the iframe plugin communication channel, allowing arbitrary JavaScript execution and unauthorized API requests. The issue stems from the iframe plugin; attacker-controlled payloads could be ex...