Lucene search

5912 matches found

Positive Technologies
added 2024/07/11 12:0 a.m. · 3 views

PT-2024-37693

Name of the Vulnerable Software and Affected Versions: Bootstrap, affected versions not specified. Description: A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-...

CVSS 6.4 · AI score 7 · EPSS 0.00139
Exploits 0 · References 29

CNNVD
added 2024/07/10 12:0 a.m. · 2 views

Fortinet FortiOS Cross-Site Scripting Vulnerability

Fortinet FortiOS is a security operating system from Fortinet (United States), dedicated to the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A cross-site scripting...

CVSS 7.5 · AI score 6 · EPSS 0.00417
Exploits 0 · References 4

CNNVD
added 2024/07/08 12:0 a.m. · 2 views

Apache NiFi Security Vulnerability

Apache NiFi is a data processing and distribution system from the Apache Foundation (USA). The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi has a security vulnerability that stems from susceptibility to cross-site scripting attacks. An...

CVSS 5.4 · AI score 6.2 · EPSS 0.01708
Exploits 0 · References 2

CNVD
added 2024/07/05 12:0 a.m. · 4 views

Splunk Enterprise Cross-Site Scripting Vulnerability (CNVD-2024-34271)

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze and the data it generates, including data generated by all IT systems and infrastructures (physical, virtual machines and cloud). Splunk...

CVSS 8.1 · AI score 6.5 · EPSS 0.01051
Exploits 0 · References 1

CNVD
added 2024/07/05 12:0 a.m. · 5 views

Splunk Enterprise Cross-Site Scripting Vulnerability (CNVD-2024-34270)

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze and the data it generates, including data generated by all IT systems and infrastructures (physical, virtual machines and cloud). Splunk...

CVSS 5.4 · AI score 6.2 · EPSS 0.00468
Exploits 0 · References 1

NVD
added 2024/07/03 7:15 p.m. · 14 views

CVE-2024-35234

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

CVSS 6.1 · EPSS 0.00174
Exploits 0 · References 3

CNNVD
added 2024/07/03 12:0 a.m. · 2 views

Discourse Security Breach

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse that stems from the presence of stored cross-site scripting that allows an attacker to execute arbitra...

CVSS 6.1 · AI score 6.3 · EPSS 0.00174
Exploits 0 · References 4

OSV
added 2024/07/01 5:15 p.m. · 1 views

CVE-2024-36997

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a...

CVSS 8.1 · AI score 5.9 · EPSS 0.01051
Exploits 0 · References 2

OSV
added 2024/07/01 5:15 p.m. · 1 views

CVE-2024-36994

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could...

CVSS 5.4 · AI score 5.9 · EPSS 0.01228
Exploits 0 · References 2

OSV
added 2024/06/30 4:15 p.m. · 7 views

PYSEC-2024-176

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

CVSS 6.1 · AI score 5.9 · EPSS 0.00168
Exploits 1 · References 2

Veracode
added 2024/06/28 5:40 a.m. · 6 views

Cross-site Scripting (XSS)

org.opencms: opencms-core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation of .svg files, allowing users with the roles of gallery editor or VFS resource manager to upload images containing JavaScript code, which will be executed when another user accesse...

CVSS 6.4 · AI score 6.4 · EPSS 0.00155
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2024/06/28 12:0 a.m. · 5 views

Apache JSPWiki Cross-Site Scripting Vulnerability (CNVD-2024-41670)

Apache JSPWiki is an open source WikiWiki engine from the Apache Foundation (United States), built on Java, Servlet and JSP. A cross-site scripting vulnerability exists in Apache JSPWiki 2.12.1 and earlier versions, which stems from the application's lack of effective filtering and escapi...

CVSS 6.1 · AI score 5.9 · EPSS 0.50563
Exploits 0 · References 1

Github Security Blog
added 2024/06/26 7:3 p.m. · 9 views

Cross-site Scripting in ZenUML

Summary: Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). Details: The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdo...

CVSS 5.4 · AI score 6.5 · EPSS 0.00136
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/06/26 7:3 p.m. · 11 views

GHSA-Q6XV-JM4V-349H Cross-site Scripting in ZenUML

Summary: Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). Details: The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdo...

CVSS 5.4 · AI score 5.4 · EPSS 0.00136
Exploits 0 · References 4

EUVD
added 2024/06/24 7:44 a.m. · 0 views

EUVD-2024-1896

XSS in the Upload page in Apache JSPWiki 2.12.1 and prior allows the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later...

CVSS 6.1 · AI score 6 · EPSS 0.50563
Exploits 0 · References 5

BDU FSTEC
added 2024/06/21 12:0 a.m. · 0 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system is related to insufficient protection of the website’s structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the context of the victim’s browser...

CVSS 5.5 · EPSS 0.0145
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2024/06/21 12:0 a.m. · 0 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system is related to insufficient protection of the website’s structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the context of the victim’s browser...

CVSS 5.5 · EPSS 0.01615
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/06/19 12:0 a.m. · 3 views

PT-2024-26902 · Unknown · Reposilite

Name of the Vulnerable Software and Affected Versions: Reposilite versions prior to 3.5.12 Description: The issue lies in the fact that the artifact's content is served via the same origin as the Admin UI. If the artifact contains HTML content with javascript inside, the javascript is executed...

CVSS 7.7 · AI score 7.4 · EPSS 0.05369
Exploits 0 · References 10

OSV
added 2024/06/14 2:0 p.m. · 28 views

RLSA-2024:2888 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367); firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767); firefox: Potential...

CVSS 8.8 · AI score 8.5 · EPSS 0.40321
Exploits 17 · References 7

Rockylinux
added 2024/06/14 1:59 p.m. · 19 views

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards...

CVSS 8.8 · AI score 8.1 · EPSS 0.40321
Exploits 17