5912 matches found

BDU FSTEC
added 2024/08/21 12:0 a.m. | 0 views

The vulnerability of the filemanager module in the CMS system Netcat, which allows a hacker to execute arbitrary JavaScript code

The vulnerability of the filemanager module in the CMS system Netcat is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute any JavaScript code in the user’s browser remotely...

CVSS 9 | AI score 5.5
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2024/08/21 12:0 a.m. | 0 views

The vulnerability of the alter_form.php function in the Netcat CMS system allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the alter_form.php function in the Netcat CMS system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute any JavaScript code in the user’s browser remotely...

CVSS 9 | AI score 5.5
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2024/08/21 12:0 a.m. | 0 views

The vulnerability of the component_id and object_id parameters of the Netcat landing CMS system allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the component_id and object_id parameters in the Netcat landing CMS system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

CVSS 9 | AI score 5.8
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2024/08/21 12:0 a.m. | 0 views

The vulnerability of the `promotion_discount` parameter in the Netcat Netshop CMS system allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the `promotion_discount` parameter in the Netcat NetShop CMS system relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

CVSS 9 | AI score 5.7
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2024/08/21 12:0 a.m. | 0 views

The vulnerability of the pricerule parameter in the netshop CMS system, Netcat, allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the pricerule parameter in the netshop CMS system, Netcat, is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

CVSS 9 | AI score 5.7
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2024/08/21 12:0 a.m. | 0 views

The vulnerability of the logging module in CMS systems like Netcat allows attackers to execute arbitrary JavaScript code.

The vulnerability of the logging module in CMS systems like Netcat exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

CVSS 9 | AI score 5.8
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2024/08/20 12:0 a.m. | 2 views

PT-2024-95: Cross-Site Request Forgery (CSRF) and Reflected Cross-Site Scripting (XSS) in Netcat CMS (module netshop)

The vulnerability was identified in Netcat CMS module netshop, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked...

CVSS 8.8 | AI score 7.7
Exploits 0

Positive Technologies
added 2024/08/20 12:0 a.m. | 2 views

PT-2024-81: Reflected Cross-Site Scripting (XSS) in Netcat CMS (landing module)

The vulnerability was identified in Netcat landing module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user.
Vulnerability status: Confirmed by vendor
Date of...

CVSS 9.3 | AI score 7.8
Exploits 0

Positive Technologies
added 2024/08/20 12:0 a.m. | 3 views

PT-2024-93: Reflected Cross-Site Scripting (XSS) in Netcat CMS (landing module)

The vulnerability was identified in Netcat landing module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user.
Vulnerability status: Confirmed by vendor
Date of...

CVSS 9.3 | AI score 7.8
Exploits 0

Positive Technologies
added 2024/08/20 12:0 a.m. | 4 views

PT-2024-94: Cross-Site Request Forgery (CSRF) and Reflected Cross-Site Scripting (XSS) in Netcat CMS (module netshop)

The vulnerability was identified in Netcat CMS module netshop, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked...

CVSS 8.8 | AI score 7.7
Exploits 0

OSV
added 2024/08/19 7:15 p.m. | 1 views

CVE-2024-23729

The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component...

CVSS 6.1 | AI score 6.1
Exploits 0 | References 2

Positive Technologies
added 2024/08/19 12:0 a.m. | 2 views

PT-2024-20039 · Oppo · ColorOS Internet Browser

Name of the Vulnerable Software and Affected Versions: ColorOS Internet Browser version 45.10.3.4.1
Description: The issue allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component.
Recommendations: For version 45.10.3.4.1, consider...

CVSS 6.1 | AI score 7.5 | EPSS 0.00417
Exploits 1 | References 7

CNVD
added 2024/08/16 12:0 a.m. | 3 views

Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2024-44535)

Adobe Commerce is a business and brand-oriented digital commerce solution from the US company Adobe, a global leader in the field. A cross-site scripting vulnerability exists in Adobe Commerce. The vulnerability stems from the application's lack of effective filtering and escaping o...

CVSS 8.1 | AI score 6.3 | EPSS 0.01472
Exploits 0 | References 1

OSV
added 2024/08/15 3:15 a.m. | 7 views

CVE-2024-6533

Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...

CVSS 5.4 | AI score 6.8
Exploits 0 | References 2

CNNVD
added 2024/08/15 12:0 a.m. | 2 views

Directus Cross-Site Scripting Vulnerability

Directus is a real-time API and application dashboard from Directus Open Source. It is used to manage SQL database content. A cross-site scripting vulnerability exists in Directus version 10.13.0 that originates from allowing an authenticated external attacker to execute arbitrary JavaScript on t...

CVSS 5.4 | AI score 6 | EPSS 0.00122
Exploits 1 | References 3

Positive Technologies
added 2024/08/15 12:0 a.m. | 1 views

PT-2024-37695 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus version 10.13.0
Description: The issue allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter into an unsanitized DOM...

CVSS 6.9 | AI score 6.5 | EPSS 0.00122
Exploits 1 | References 17

CNNVD
added 2024/08/14 12:0 a.m. | 1 views

Trix Security Vulnerability

Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.4 that stems from the presence of cross-site scripting, which allows an attacker to trick a user into copying and pasting malicious code, and then executing arbitrar...

CVSS 6.5 | AI score 5.5 | EPSS 0.00392
Exploits 0 | References 7

Veracode
added 2024/08/13 8:38 a.m. | 9 views

Improper Input Validation

Apache DolphinScheduler is vulnerable to Improper Input Validation. The vulnerability is due to improper input validation allowing an authenticated user to execute arbitrary, unsandboxed JavaScript on the server...

CVSS 8.8 | AI score 6.8 | EPSS 0.00339
Exploits 0 | References 4 | Affected Software 1

OSV
added 2024/08/12 1:38 p.m. | 3 views

CVE-2024-29831

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2...

CVSS 8.8 | AI score 8.6
Exploits 0 | References 2

CNNVD
added 2024/08/12 12:0 a.m. | 1 views

Zimbra Collaboration Server Security Vulnerability

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions 9.0 and 10.0, which stems from the...

CVSS 5.4 | AI score 6.4 | EPSS 0.00223
Exploits 0 | References 3