
5810 matches found

OSV
added 2024/02/23 6:30 p.m. · 23 views

GHSA-RC6H-QWJ9-2C53 Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...

CVSS 8.8 · AI score 8.3 · EPSS 0.00737
Exploits 0 · References 8
NVD
added 2024/02/23 5:15 p.m. · 15 views

CVE-2024-23320

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...

CVSS 8.8 · AI score 8.5 · EPSS 0.00737
Exploits 0 · References 5
Prion
added 2024/02/23 5:15 p.m. · 24 views

Input validation

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...

AI score 6.7 · EPSS 0.00737
Exploits 0 · References 5
CNNVD
added 2024/02/23 12:0 a.m. · 5 views

Apache DolphinScheduler Input Validation Error Vulnerability

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation in the United States. An input validation error vulnerability exists in Apache DolphinScheduler versions prior to 3.2.1, which stems from the presence of incorrect...

CVSS 8.8 · AI score 6.9 · EPSS 0.00737
Exploits 0 · References 6
OSV
added 2024/02/22 3:15 p.m. · 3 views

CVE-2024-26282

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS 123...

CVSS 7.1 · AI score 5.8
Exploits 0 · References 2
Prion
added 2024/02/22 3:15 p.m. · 20 views

Race condition

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...

AI score 6.6 · EPSS 0.00423
Exploits 0 · References 2
Prion
added 2024/02/22 3:15 p.m. · 22 views

Information disclosure

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS 123...

AI score 6.7 · EPSS 0.00405
Exploits 0 · References 2
Vulnrichment
added 2024/02/22 2:56 p.m. · 15 views

CVE-2024-26281

Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...

AI score 6.3 · EPSS 0.0027
Exploits 0 · References 2
CVE
added 2024/02/22 2:56 p.m. · 6174 views

CVE-2024-26282

CVE-2024-26282 affects Firefox for iOS prior to version 123. A cross-site scripting vector exists when using an AMP URL with a canonical element: an attacker could execute JavaScript from an opened bookmarked page, potentially compromising cookies and site integrity. Root cause involves AMP URL h...

CVSS 7.1 · AI score 6 · EPSS 0.00405
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/02/22 2:56 p.m. · 17 views

CVE-2024-26282

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS 123...

AI score 6.5 · EPSS 0.00405
Exploits 0 · References 2
Debian CVE
added 2024/02/22 2:56 p.m. · 24 views

CVE-2024-26282

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS 123...

CVSS 7.1 · AI score 6.4 · EPSS 0.00405
Exploits 0
Cvelist
added 2024/02/22 2:56 p.m. · 18 views

CVE-2024-1563

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...

AI score 6.3 · EPSS 0.00423
Exploits 0 · References 2
Positive Technologies
added 2024/02/22 12:0 a.m. · 3 views

PT-2024-21330 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 123 Description: An issue allows an attacker to execute JavaScript from an opened bookmarked page when using an AMP url with a canonical element. Recommendations: For versions prior to 123, update to a versio...

CVSS 7.1 · AI score 6.8 · EPSS 0.00405
Exploits 0 · References 4
CNVD
added 2024/02/22 12:0 a.m. · 46 views

CKEditor cross-site scripting vulnerability (CNVD-2024-09868)

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to bypass the advanced content filtering mechanism to inject incorrectly formatted...

CVSS 6.1 · AI score 6.2 · EPSS 0.00169
Exploits 0 · References 1
CNNVD
added 2024/02/21 12:0 a.m. · 4 views

Archer Platform Security Vulnerability

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.x through 6.14 P2 HF1 6.14.0.2.1 prior. An attacker could exploit the vulnerability to execute malicious JavaScript code in a web application...

CVSS 5.7 · AI score 7 · EPSS 0.00139
Exploits 0 · References 3
Positive Technologies
added 2024/02/20 12:0 a.m. · 3 views

PT-2024-21290 · Element · Element Android

Name of the Vulnerable Software and Affected Versions: Element Android versions 1.4.3 through 1.6.10 Description: The issue allows a third-party malicious application to start any internal activity by passing some extra parameters, potentially making Element Android display an arbitrary web page,...

CVSS 8.4 · AI score 7.4 · EPSS 0.00042
Exploits 0 · References 18
NVD
added 2024/02/14 6:15 p.m. · 11 views

CVE-2024-0010

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of a user’s browser if a user clicks on a malicious link, allowing phishing attacks that could lead to credential...

CVSS 6.1 · AI score 4.5 · EPSS 0.03608
Exploits 0 · References 1
Prion
added 2024/02/14 6:15 p.m. · 12 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of a user’s browser if a user clicks on a malicious link, allowing phishing attacks that could lead to credential...

CVSS 4.3 · AI score 5.9 · EPSS 0.03608
Exploits 0 · References 1
SUSE CVE
added 2024/02/09 3:3 a.m. · 3 views

SUSE CVE-2023-32192

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser...

CVSS 8.3 · AI score 7.1 · EPSS 0.00347
Exploits 0 · References 4
SUSE CVE
added 2024/02/09 3:3 a.m. · 3 views

SUSE CVE-2023-32193

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely...

CVSS 8.3 · AI score 7.3 · EPSS 0.00227
Exploits 0 · References 4