CVE-2024-54919

A Stored Cross Site Scripting XSS was found in /teacheravatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter...

GHSA-5JC6-H9W7-JM3P Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Summary The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerabilit...

GHSA-M7XQ-9374-9RVX Mongoose search injection vulnerability

Mongoose versions prior to 8.8.3, 7.8.3, 6.13.5, and 5.13.23 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthoriz...

Cross-site Scripting (XSS)

calibreweb to Cross-site Scripting XSS. The vulnerability is due to insufficient sanitization of user input in the editbooks.js file when editing book properties, such as uploading a cover or format. This allows attackers to execute arbitrary JavaScript code...

NetWin SurgeMail 跨站脚本漏洞

NetWin SurgeMail is a full-featured SMTP / IMAP / POP / Webmail server from NetWin. A cross-site scripting vulnerability exists in NetWin SurgeMail version v78c2, which originates from a vulnerability that allows an attacker to execute arbitrary JavaScript code by injecting a carefully constructe...

CVE-2024-49503

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user input in the "overwriteip" parameter, allowing untrusted data JavaScript code to be stored and executed in the application without proper validation or escaping...

Cross-Site Scripting

Deluge Web-UI is vulnerable to a Cross-Site Scripting. The vulnerability is due to improper sanitization of data from torrent files, where crafted torrent metadata is rendered directly as HTML, allowing attackers to execute arbitrary JavaScript in the user’s browser when a malicious torrent file ...

MyBB Cross-Site Scripting Vulnerability (CNVD-2024-46255)

MyBB is a free and open source forum software, written in PHP, supporting MySQL, MariaDB, PostgreSQL and SQLite databases. A cross-site scripting vulnerability exists in MyBB. The vulnerability is related to the component installindex.php, which does not adequately clean up the websitename...

CVE-2024-45517

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A Cross-Site Scripting XSS vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's session. This issue is caused by improper sanitizati...

CVE-2024-45513

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A stored Cross-Site Scripting XSS vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a...

CVE-2024-45514

An issue was discovered in Zimbra Collaboration ZCS through v10.1. A Cross-Site Scripting XSS vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing t...

Zimbra Collaboration Server 跨站脚本漏洞

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and prior versions, whi...

Zimbra Collaboration Server 跨站脚本漏洞

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and earlier. An attacke...

Zimbra Collaboration Server 10.0 < 10.0.9, 10.1.0 < 10.1.1 XSS

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A reflected Cross-Site Scripting XSS issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder...

Zimbra Collaboration Suite 安全漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite version 10.1 and prior versions, which stems from improper cleaning of file contents by th...

CVE-2023-0109

A stored cross-site scripting XSS vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This...

PT-2024-33668 · Librenms · Librenms +1

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: The application fails to properly sanitize user input, allowing an attacker to execute malicious JavaScript code. This issue occurs when a user with an Admin role adds Notes to a device and the...

PT-2024-16805

Name of the Vulnerable Software and Affected Versions MDaemon Email Server versions prior to 24.5.1c Description An XSS issue was discovered in MDaemon Email Server, allowing a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window by sending an HTML...

webkitgtk: arbitrary javascript code execution

A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution...