Mozilla Firefox ESR < 115.9.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.9.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-16 advisory. - An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...

Mozilla Firefox < 124.0.1

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 124.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-15 advisory. - An attacker was able to inject an event handler into a privileged object that would allow arbitrary...

GHSA-FH7P-5F6G-VJ2W Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API

Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST...

PYSEC-2024-179

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...

PYSEC-2024-179

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...

CVE-2024-26104

Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVE-2024-26069

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26067

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26052

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26032

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the pag...

CVE-2024-26028

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26104

Summary: CVE-2024-26104 is a reflected Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager (AEM) versions 6.5.19 and earlier. The issue arises when an attacker entices a user to visit a specially crafted URL referencing a vulnerable page, enabling execution of malicious JavaScrip...

CVE-2024-26102 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVE-2024-26042 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the pag...

CVE-2024-26028 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

GHSA-242P-4V39-2V8G Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. Impact If you render an tag with an href attribute set to a user-provided link, that...

Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. Impact If you render an tag with an href attribute set to a user-provided link, that...

PT-2024-2436 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could allow an attacker to inject malicious scripts into vulnerable form fields. This could lead to...

Cross site scripting

phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you...

CVE-2024-28199 Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you...