
5805 matches found

CNNVD
added 2023/11/01 12:0 a.m. · 1 views

Bitrix24 Security Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24 version 22.0.300, which stems from a missing response header o...

9.6 CVSS · 7.3 AI score · 0.01018 EPSS
Exploits 1 · References 2
Veracode
added 2023/10/26 6:30 a.m. · 20 views

Cross-site Scripting (XSS)

ethyca-fides is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a lack of proper validation in privacyexperience.py, which results in inadequate verification of privacy policy URLs. This flaw allows an attacker to create a malicious payload in the privacy policy URL. When...

5.4 CVSS · 6.5 AI score · 0.00156 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2023/10/25 6:17 p.m. · 8 views

CVE-2023-46126

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

5.4 CVSS · 4.7 AI score · 0.00156 EPSS
Exploits 0 · References 3
Prion
added 2023/10/25 6:17 p.m. · 12 views

Design/Logic Flaw

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

4.9 CVSS · 5.5 AI score · 0.00156 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/10/24 9:59 p.m. · 18 views

CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

3.9 CVSS · 5.3 AI score · 0.00156 EPSS
Exploits 0 · References 5
Github Security Blog
added 2023/10/24 2:45 a.m. · 22 views

Fides JavaScript Injection Vulnerability in Privacy Center URL

Impact The Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL and this input was found to no...

5.4 CVSS · 6.8 AI score · 0.00156 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2023/10/24 12:0 a.m. · 3 views

PT-2023-29859 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.22.1 Description: The Fides web application allows users to edit consent and privacy notices, such as cookie banners. A vulnerability exists where a crafted payload in the privacy policy URL can trigger JavaScript...

5.4 CVSS · 5.3 AI score · 0.00156 EPSS
Exploits 0 · References 8
Prion
added 2023/10/19 11:15 p.m. · 12 views

Cross site scripting

Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the redirecturi and clientid parameters. Although the redirecturi validation typically ensures that it matches th...

6.8 CVSS · 8.2 AI score · 0.00506 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/10/19 10:37 p.m. · 14 views

CVE-2023-41895 Cross-site Scripting via auth_callback login in Home Assistant Core

Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the redirecturi and clientid parameters. Although the redirecturi validation typically ensures that it matches th...

8.8 CVSS · 8.3 AI score · 0.00506 EPSS
Exploits 0 · References 3
Vulnrichment
added 2023/10/19 10:37 p.m. · 14 views

CVE-2023-41895 Cross-site Scripting via auth_callback login in Home Assistant Core

Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the redirecturi and clientid parameters. Although the redirecturi validation typically ensures that it matches th...

8.8 CVSS · 5.8 AI score · 0.00506 EPSS
Exploits 0 · References 1
Cvelist
added 2023/10/19 10:37 p.m. · 13 views

CVE-2023-41895 Cross-site Scripting via auth_callback login in Home Assistant Core

Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the redirecturi and clientid parameters. Although the redirecturi validation typically ensures that it matches th...

8.8 CVSS · 8.5 AI score · 0.00506 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2023/10/19 10:15 p.m. · 0 views

CVE-2023-45280

Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrar...

5.4 CVSS · 6.2 AI score · 0.01623 EPSS
Exploits 1 · References 3
OSV
added 2023/10/19 10:15 p.m. · 1 views

UBUNTU-CVE-2023-45819

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit require carefully craft...

6.1 CVSS · 6 AI score · 0.02191 EPSS
Exploits 0 · References 3
CVE
added 2023/10/19 10:8 p.m. · 80 views

CVE-2023-41898

CVE-2023-41898 affects the Home Assistant Companion for Android (up to version 2023.8.2). The vulnerability is arbitrary URL loading in a WebView, enabling arbitrary JavaScript execution, limited native code execution, and credential theft. It has been patched in version 2023.9.2; all users shoul...

8.6 CVSS · 8 AI score · 0.00097 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/10/19 12:0 a.m. · 57 views

CVE-2023-45280

CVE-2023-45280 affects Yamcs 5.8.6. The vulnerability is a Cross-site Scripting (XSS) flaw via the Bucket storage mechanism: an HTML file containing arbitrary JavaScript can be uploaded and, when the user opens it, the browser executes the script. The issue is attributed to insufficient validatio...

5.4 CVSS · 5.4 AI score · 0.01623 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/10/19 12:0 a.m. · 4 views

PT-2023-28154 · Home Assistant · Home Assistant Companion For Android

Name of the Vulnerable Software and Affected Versions: Home Assistant Companion for Android app versions 2023.8.2 and earlier Description: The Home Assistant Companion for Android app is vulnerable to arbitrary URL loading in a WebView, enabling attacks such as arbitrary JavaScript execution,...

8.6 CVSS · 7.4 AI score · 0.00097 EPSS
Exploits 0 · References 6
Prion
added 2023/10/18 10:15 p.m. · 13 views

Cross site scripting

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

5.8 CVSS · 6 AI score · 0.0009 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/10/18 12:0 a.m. · 2 views

Thirty Bees Core Cross-Site Scripting Vulnerability

Thirty Bees Core is an open source e-commerce application with cutting edge features from Thirty Bees. A security vulnerability exists in Thirty Bees Core v1.4.0. An attacker could exploit this vulnerability to execute arbitrary JavaScript in a user's web browser via a specially crafted payload...

6.1 CVSS · 7.1 AI score · 0.0009 EPSS
Exploits 0 · References 3
OSV
added 2023/10/16 9:15 a.m. · 0 views

CVE-2023-5421

An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was...

5.5 CVSS · 5.9 AI score
Exploits 0 · References 1
CNNVD
added 2023/10/16 12:0 a.m. · 3 views

OTRS Cross-Site Scripting Vulnerability

OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS versions prior to 7.0.47, 8.0.37, and OTRS Community Edition versions 6.0.X through 6.0.34, which originates from the fact that an attacker with the privilege to create and change...

5.5 CVSS · 7 AI score · 0.00304 EPSS
Exploits 0 · References 2