5805 matches found

Positive Technologies · added 2023/12/01 12:00 a.m. · 2 views

PT-2023-32486 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.10 through 16.4.2; GitLab CE/EE versions 16.5 through 16.5.2; GitLab CE/EE versions 16.6 through 16.6.0. Description: The issue is related to improper neutralization of input in Jira integration configuration, allowing a...

CVSS 8.7 · AI score 6.6 · EPSS 0.01241
Exploits 0 · References 12

ATTACKERKB · added 2023/11/30 6:15 a.m. · 0 views

CVE-2023-47418

Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript...

CVSS 9.8 · AI score 7.5 · EPSS 0.04312
Exploits 1 · References 3

CNNVD · added 2023/11/30 12:00 a.m. · 2 views

O2OA Security Breach

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 8.1.2 and earlier versions, which stems from the presence of a Remote Code Execution (RCE) vulnerability. The vulnerability can be exploited by an attacker to create a new interface...

CVSS 9.8 · AI score 7.4 · EPSS 0.04312
Exploits 1 · References 2

CVE · added 2023/11/30 12:00 a.m. · 34 views

CVE-2023-47418

The CVE-2023-47418 entry concerns O2OA, affected in versions 8.1.2 and earlier. The vulnerability allows Remote Code Execution by attackers who can create a new interface in the service management function to run JavaScript. Impact is described as high (RCE) and accessible over network with no pr...

CVSS 9.8 · AI score 9.7 · EPSS 0.04312
Exploits 1 · References 2 · Affected Software 1

Github Security Blog · added 2023/11/28 12:30 a.m. · 27 views

Improper Neutralization of Input in Advanced User Interface for Jolt

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, the...

CVSS 7.9 · AI score 6.7 · EPSS 0.00293
Exploits 0 · References 8 · Affected Software 1

Atlassian · added 2023/11/27 6:14 p.m. · 24 views

DOM-based XSS in comment when edit in a new tab

Issue Summary: DOM-based XSS vulnerabilities usually arise when JavaScript takes data from an attacker-controllable source, such as the URL, and passes it to a sink that supports dynamic code execution, such as eval or innerHTML. This enables attackers to execute malicious JavaScript, which...

AI score 6.4
Exploits 0 · Affected Software 1

Vulnrichment · added 2023/11/23 2:41 p.m. · 2 views

CVE-2023-41791 Lack of Authorization and Stored XSS Via Translation Abuse

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce JavaScript executables via a translation string that could affect the integrity...

CVSS 8.4 · AI score 7.7 · EPSS 0.00153
Exploits 0 · References 1

CNNVD · added 2023/11/23 12:00 a.m. · 3 views

Artica Pandora FMS Cross-Site Scripting Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS versions 700 through 773, which is caused by an inpu...

CVSS 6.1 · AI score 6.5 · EPSS 0.00044
Exploits 0 · References 1

CNNVD · added 2023/11/22 12:00 a.m. · 4 views

Nautobot Cross-Site Scripting Vulnerability

Nautobot is a web automation platform maintained by the individual developers of Nautobot. Nautobot suffers from a cross-site scripting vulnerability that could allow an attacker to craft a malicious payload to execute...

CVSS 7.1 · AI score 6.4 · EPSS 0.00295
Exploits 0 · References 8

ATTACKERKB · added 2023/11/20 7:15 p.m. · 3 views

CVE-2023-38882

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'...

CVSS 6.1 · AI score 6 · EPSS 0.00167
Exploits 0 · References 4

Cvelist · added 2023/11/20 12:00 a.m. · 40 views

CVE-2023-38881

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendarid', 'schooldate', 'month' or 'year'...

AI score 6.2 · EPSS 0.00167
Exploits 0 · References 3

RedHat Linux · added 2023/11/14 3:25 p.m. · 3 views

webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code

A flaw was found in WebKitGTK. An attacker may be able to execute JavaScript code to trigger Remote Code Execution, resulting in a high impact on data confidentiality, integrity, and system availability...

CVSS 8.8 · AI score 5.9 · EPSS 0.00208
Exploits 0 · References 5

RedHat Linux · added 2023/11/14 3:25 p.m. · 57 views

Important: Red Hat Security Advisory: webkit2gtk3 security, bug fix, and enhancement update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 9.8 · AI score 6.9 · EPSS 0.01449
Exploits 0 · References 25

OSV · added 2023/11/14 11:15 a.m. · 0 views

CVE-2023-46099

A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later...

CVSS 4.8 · AI score 5.7
Exploits 0 · References 1

VulnCheck KEV · added 2023/11/13 12:00 a.m. · 1 view

VulnCheck KEV: CVE-2021-25646

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

CVSS 9 · AI score 7.4 · EPSS 0.93939
Exploits 7 · References 1

Positive Technologies · added 2023/11/11 12:00 a.m. · 3 views

PT-2023-8376 · Ibm · Ibm Qradar Siem

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM version 7.5.0. Description: The issue is related to a lack of protection for the web page structure in the IBM QRadar SIEM system, allowing a remote attacker to bypass restrictions on executing JavaScript. This can lead to the...

CVSS 5.5 · AI score 5.6 · EPSS 0.0006
Exploits 0 · References 5

CVE · added 2023/11/08 9:50 p.m. · 72 views

CVE-2023-47114

CVE-2023-47114 affects Fides HTML-formatted Data Subject Request packages. Root cause: lack of input validation for data from connected systems/data stores, enabling HTML injection when a data subject opens the downloaded package (typically HTML files in ZIP) in a browser via file://. Existence o...

CVSS 6.1 · AI score 5.4 · EPSS 0.00208
Exploits 0 · References 3 · Affected Software 1

Github Security Blog · added 2023/11/08 5:52 p.m. · 26 views

Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages

Impact: The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then be retrieved from connected systems and data stores before being...

CVSS 6.1 · AI score 7 · EPSS 0.00208
Exploits 0 · References 5 · Affected Software 1

RedHat Linux · added 2023/11/07 8:48 a.m. · 1 view

webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code

A flaw was found in WebKitGTK. An attacker may be able to execute JavaScript code to trigger Remote Code Execution, resulting in a high impact on data confidentiality, integrity, and system availability...

CVSS 8.8 · AI score 5.9 · EPSS 0.00208
Exploits 0 · References 5

OSV · added 2023/11/01 10:15 a.m. · 2 views

CVE-2023-1716

Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege...

CVSS 9.6 · AI score 6.1 · EPSS 0.00606
Exploits 1 · References 1