5963 matches found
CVE-2024-42346 Stored Cross Site Scripting (Stored XSS) in Galaxy
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger JavaScript execution upon edit operation. All...
CVE-2024-42346
CVE-2024-42346 affects Galaxy: stored Cross-Site Scripting via the editor visualization endpoint at /visualizations. The vulnerability arises from storing HTML/JS that can execute on edit operations. Patches were applied across supported Galaxy branches (to mitigate this risk); upgrading to the p...
Galaxy Cross-Site Scripting Vulnerability
Galaxy is an open source platform for FAIR data analysis open-sourced by the Galaxy Project. A cross-site scripting vulnerability exists in Galaxy versions prior to 24.1.1, which stems from an attacker being able to trick a user into executing arbitrary JavaScript code when the user is visually...
PT-2024-29883 · Galaxy · Galaxy
Name of the Vulnerable Software and Affected Versions: Galaxy versions prior to the latest patched version. Description: The issue concerns the editor visualization, specifically the "/visualizations" endpoint, which can be used to store HTML tags and trigger JavaScript execution upon an edit...
CVE-2024-45489
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however because of misconfigured Firebase ACLs, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and...
CVE-2024-8652
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply the patch from the vendor: https://netcat.ru/. Versions 6.4.0.24248 and o...
CVE-2024-8653
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply the patch from the vendor: https://netcat.ru/. Versions 6.4.0.24248 and ...
VulnCheck KEV: CVE-2021-21801
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
NetCat CMS Security Vulnerability
NetCat CMS is a content management system from NetCat, Inc. A security vulnerability previously existed in NetCat CMS version 6.4.0.24248. An attacker could exploit the vulnerability to execute JavaScript code in a user's browser when the user visits a specific path on the site...
PT-2024-39151 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: NetCat CMS versions 6.4.0.24126.2 through 6.4.0.24247 Description: A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. Recommendations: For versions...
Cross-site Scripting (XSS)
Overview: camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to WordPress. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the image upload functionality. An attacker can execute arbitrary JavaScript on behalf o...
CVE-2024-38380
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session...
CVE-2024-38380
Confirmed CVE-2024-38380 relates to Millbeck Communications Proroute H685t-w (firmware 3.2.334). Affected component: web UI endpoints (vpn/openconnect_client.lua, vpn/pptp_edit.lua, filebrowser) where user input is improperly sanitized and reflected, enabling: 1) Command injection via vulnerable ...
Millbeck Proroute H685t-w Cross-Site Scripting Vulnerability
The Millbeck Proroute H685t-w is a wireless router from Millbeck. A cross-site scripting vulnerability exists in the Millbeck Proroute H685t-w version v3.2.334, which stems from the presence of a cross-site scripting vulnerability that could allow an attacker to execute arbitrary JavaScript in th...
MindsDB Security Vulnerability
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. MindsDB has a security vulnerability that stems from the presence of a cross-site scripting (XSS) vulnerability that allows JavaScript to be executed whenever a user enumerates engines, databases, projects, or datasets tha...
Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox
CVE-2024-4367: Arbitrary JavaScript Execution in PDF.js Ov...
OESA-2024-2063 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution ...
The vulnerability in the administration interface of the Zimbra Collaboration Suite email management system allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the administration interface of the Zimbra Collaboration Suite email management system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code by sending a...