5912 matches found
CVE-2024-27443
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...
Zimbra Collaboration Server Security Vulnerability
Zimbra Collaboration Server (ZCS) is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions 9.0 and 10.0 that stems from the presen...
Mozilla Firefox for iOS Security Bypass Vulnerability (CNVD-2024-36715)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox for iOS, which can be exploited by attackers to execute Javascript commands in the browser...
CVE-2024-6706 Open WebUI Stored Cross-Site Scripting
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...
A vulnerability in the CDwnBindInfo function of the mshtml.dll library in Internet Explorer allows an attacker to execute arbitrary code.
The vulnerability in the CDwnBindInfo function of the mshtml.dll library in the Internet Explorer browser is a use-after-free. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code by sending a specially created HTML file...
PT-2024-37933 · Journyx · Journyx
Name of the Vulnerable Software and Affected Versions: Journyx (affected versions not specified). Description: The issue allows attackers to craft a malicious link that, when clicked, will execute arbitrary JavaScript in the context of the Journyx web application. Recommendations: At the moment, the...
CVE-2024-43111
Long pressing on a download link could potentially allow Javascript commands to be executed within the browser. This vulnerability affects Firefox for iOS 129...
UBUNTU-CVE-2024-43111
Long pressing on a download link could potentially allow Javascript commands to be executed within the browser. This vulnerability affects Firefox for iOS 129...
PT-2024-30300 · Mozilla · Firefox
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 129. Description: A potential issue exists where long pressing on a download link could allow Javascript commands to be executed within the browser. Recommendations: For Firefox for iOS versions prior to 129,...
CVE-2024-34344 Remote code execution via the browser when running the test locally in nuxt
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrar...
Nuxt Security Vulnerability
Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.4.0 through versions prior to 3.12.4, which stems from insufficient validation of parameters and allows an attacker to execute arbitrary JavaScript on the server side, which in turn...
CVE-2024-41953
ZITADEL (Zitadel) has a vulnerability (CVE-2024-41953) due to improper HTML sanitization in emails and Console UI. The issue allows untrusted user- or admin-provided content (such as usernames and email body content) to include HTML/JS that could render in emails and user pages. Impact describe...
CVE-2024-41947 XWiki Platform XSS through conflict resolution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the...
CVE-2024-41947
CVE-2024-41947 affects XWiki Platform. When a conflict arises while a user with higher rights is editing a page, it can allow execution of JavaScript on the other user’s browser, compromising confidentiality, integrity and availability of the installation. The issue has been patched in XWiki vers...
XWiki Platform Security Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from a conflict that can compromise the confidentiality, integrity, and availability of an entire XWiki installation by executing...
A vulnerability in the Archer Platform, a system for creating and managing business applications, stems from a lack of measures to protect the web page structure, allowing attackers to execute arbitrary code.
The vulnerability in the Archer Platform, a system for creating and managing business applications, is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability could allow an attacker to execute arbitrary HTML or JavaScript code...
XWiki Platform Security Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from improper handling of filenames when uploading attachments, allowing users to upload attachments with malicious filenames,...