Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Palo Alto Networks PAN-OS 跨站脚本漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. Palo Alto Networks PAN-OS suffers from a cross-site scripting vulnerability that stems from the presence of a cross-site scripting XSS vulnerability that allows an authenticated...

CVE-2024-52552

Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2024-52286

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

UBUNTU-CVE-2024-51490

Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. Thi...

UBUNTU-CVE-2024-51486

Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...

CVE-2024-52286

CVE-2024-52286 affects Stirling-PDF prior to 0.32.0. The Merge function uses untrusted file names directly in innerHTML (code starts at Line 24 in merge.js), enabling a self‑injection XSS where a user uploading a file with a crafted name can execute JavaScript in their own browser context. The vu...

Super Unlimited com.superfast.video.downloader 安全漏洞

Super Unlimited com.superfast.video.downloader Super Unlimited Video Downloader is a video downloader from Super Unlimited, Inc. A security vulnerability exists in com.superfast.video.downloader Super Unlimited Video Downloader - All in One version 5.1.9 and earlier. An attacker can exploit this...

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF versions prior to 0.32.0 that stems from a merge function that accepts untrusted user input and uses it directly to create HTML...

PT-2024-35152 · Unknown · Stirling-Pdf

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 0.32.0 Description: The issue in Stirling-PDF allows any unauthenticated user to execute JavaScript code in the context of the user due to the Merge functionality taking untrusted user input file name and using ...

CVE-2024-50601

Axigen Mail Server (up to 10.5.28) is affected by persistent and reflected XSS via the themeMode cookie and the _h URL parameter. The described impact includes arbitrary JavaScript execution, session hijacking, and data leakage, with a multi-stage attack potential. Remediation is available in fix...

CVE-2024-46964

The com.video.downloader.all aka All Video Downloader application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component...

CVE-2024-46965

The DS allvideo.downloader.browser aka Fast Video Downloader: Browser application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component...

Ikhgur mn.ikhgur.khotoch 安全漏洞

Ikhgur mn.ikhgur.khotoch Ikhgur Video Downloader Pro & Browser is a video downloader from Ikhgur. A security vulnerability exists in Ikhgur mn.ikhgur.khotoch Video Downloader Pro & Browser version 1.0.42 and earlier versions. An attacker can exploit the vulnerability to execute arbitrary JavaScri...

Video Developers com.video.downloader.all 安全漏洞

Video Developers com.video.downloader.all Video Developers All Video Downloader is a video downloader from Video Developers, Inc. A security vulnerability exists in version 11.28 and earlier of com.video.downloader.all All Video Downloader. An attacker can exploit this vulnerability to execute...

CVE-2024-52000 Reflected Cross-site Scripting exploit in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting XSS exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic...

CVE-2024-46960

The ASD com.rocks.video.downloader aka HD Video Downloader All Format application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component...

CVE-2024-46960

The ASD com.rocks.video.downloader aka HD Video Downloader All Format application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component...

PT-2024-32301 · Unknown · Com.Rocks.Video.Downloader

Name of the Vulnerable Software and Affected Versions: com.rocks.video.downloader aka HD Video Downloader All Format versions 7.0.129 and earlier Description: The issue allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. This c...

CVE-2024-46961

The Inshot com.downloader.privatebrowser aka Video Downloader - XDownloader application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component...