CVE-2024-3570

The CVE-2024-3570 entry affects the chat functionality of mintplex-labs/anything-llm. It describes a stored XSS flaw where user and ChatBot input are not properly sanitized, specifically via dangerouslySetInnerHTML, allowing attackers to execute arbitrary JavaScript in a user’s session. Impacted ...

CVE-2024-26047

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-31544

CVE-2024-31544 applies to the Computer Laboratory Management System v1.0. The vulnerability is a stored cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary JavaScript through the fields “remarks”, “borrower_name” and “faculty_department” in the API endpoint /classes/Master...

CentOS 8 : firefox (CESA-2024:1484)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:1484 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

CVE-2024-30264 typebot.io: `GHSL-2024-040`

Typebot is an open-source chatbot builder. A reflected cross-site scripting XSS in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the redirectPath parameter from the URL. If a user clicks on a link where the...

CVE-2024-25709

There is a stored Cross‑Site Scripting XSS vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScrip...

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS 11.1 and prior versions that stems from vulnerability to...

MT Safeline X-Ray X3310 安全漏洞

MT Safeline X-Ray X3310 is an application from MT Safeline, Inc. A security vulnerability exists in MT Safeline X-Ray X3310 version 19.05. A remote attacker can exploit the vulnerability to execute JavaScript code and obtain sensitive information from the victim's browser...

CVE-2023-44040

In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...

CVE-2023-44040

In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...

CVE-2023-44040

In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...

VeridiumID 安全漏洞

VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker exploited the vulnerability to execute JavaScript in an environment where the victim was attempting to authenticate...

CVE-2023-44040

In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...

CVE-2023-44040

CVE-2023-44040 affects VeridiumID prior to 3.5.0. An internal unauthenticated attacker can trigger a cross-site scripting (XSS) on the identity provider page, allowing JavaScript execution in the user’s authentication context. Multiple sources (NVD, Red Hat advisory, CVE listings, and third-party...

CVE-2023-44040

In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...

Amazon Linux 2 : firefox (ALASFIREFOX-2024-023)

The version of firefox installed on the remote host is prior to 115.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-023 advisory. AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced...

DataLens 安全漏洞

DataLens is a modern business intelligence and data visualization system open-sourced by datalens-tech. A security vulnerability exists in DataLens version 0.1449.0, which stems from the application allowing the creation of special chart types and the ability to pass custom JavaScript code that...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:1000-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1000-1 advisory. - An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent...

MGASA-2024-0092 Updated nss firefox, nss packages fix security vulnerabilities

Crash in NSS TLS method. CVE-2024-0743 JIT code failed to save return registers on Armv7-A. CVE-2024-2607 Integer overflow could have led to out of bounds write. CVE-2024-2608 Improve handling of out-of-memory conditions in ICU. CVE-2024-2616 NSS susceptible to timing attack against RSA decryptio...

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...