CVE-2024-34061 Reflected cross site scripting in changedetection.io

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notificationurls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when...

CVE-2024-34061

CVE-2024-34061 – Changedetection.io is affected in versions prior to 0.45.22. A reflected Cross‑Site Scripting (XSS) vulnerability arises because input in the notification_urls parameter is not properly sanitized and is reflected on the page, enabling injection of malicious JavaScript. The CVSS v...

CVE-2024-34061 Reflected cross site scripting in changedetection.io

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notificationurls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when...

Cross Site Scripting (XSS)

phlex is vulnerable to Cross Site Scripting XSS. The vulnerability is due to insufficient sanitization of user-provided data in HTML attributes. If an application renders an tag within a href attribute thats set to a user provided link, arbitrary JavaScript execution may occur due to overly...

CVE-2024-32966

The CVE-2024-32966 issue affects Static Web Server (SWS) when directory listings are enabled and a user with upload rights can name files. The directory listing code embeds file/directory names directly into HTML without escaping, enabling stored XSS via malicious file names (e.g., .txt). This ca...

CVE-2024-32966 Stored Cross-site Scripting in directory listings via file names in static-web-server

Static Web Server SWS is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code...

Static Web Server 安全漏洞

Static Web Server is a static web server from the German company Static Web Server. A security vulnerability exists in Static Web Server SWS versions 2.28.0 and earlier that originates from a vulnerability that allows an attacker to upload a malicious filename to execute JavaScript code in the we...

PT-2024-25013 · Unknown · Static Web Server

Name of the Vulnerable Software and Affected Versions: Static Web Server SWS affected versions not specified Description: The issue allows JavaScript code execution in the context of the web server's domain when directory listings are enabled for a directory that an untrusted user has upload...

Amazon Linux 2 : firefox (ALASFIREFOX-2024-024)

The version of firefox installed on the remote host is prior to 115.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-024 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

UBUNTU-CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

RHEL 7 : firefox (RHSA-2024:1486)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1486 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

GHSA-G7XQ-XV8C-H98C Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

Summary There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the javascript: URL scheme in the href attribute of an tag could be bypassed with tab \t or newline \n characters between the...

Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

Summary There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the javascript: URL scheme in the href attribute of an tag could be bypassed with tab \t or newline \n characters between the...

OESA-2024-1368 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have...

OESA-2024-1369 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have...

CVE-2024-3570

A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...