5962 matches found
CVE-2024-23729
The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component...
PT-2024-20039 · Oppo · Coloros Internet Browser
Name of the Vulnerable Software and Affected Versions: ColorOS Internet Browser version 45.10.3.4.1 Description: The issue allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component. Recommendations: For version 45.10.3.4.1, consider...
Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2024-44535)
Adobe Commerce, from the United States company Adobe, is a global leader in digital commerce solutions for businesses and brands. A cross-site scripting vulnerability exists in Adobe Commerce. The vulnerability stems from the application's lack of effective filtering and escaping o...
CVE-2024-6533
Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...
Directus Cross-Site Scripting Vulnerability
Directus is a real-time API and application dashboard from Directus Open Source. It is used to manage SQL database content. A cross-site scripting vulnerability exists in Directus version 10.13.0 that originates from allowing an authenticated external attacker to execute arbitrary JavaScript on t...
PT-2024-37695 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus version 10.13.0 Description: The issue allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter into an unsanitized DOM...
Trix Security Vulnerability
Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.4 that stems from the presence of cross-site scripting, which allows an attacker to trick a user into copying and pasting malicious code, and then executing arbitrar...
Improper Input Validation
Apache DolphinScheduler is vulnerable to Improper Input Validation. The vulnerability is due to improper input validation allowing an authenticated user to execute arbitrary, unsandboxed JavaScript on the server...
CVE-2024-29831
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2...
Zimbra Collaboration Server Security Vulnerability
Zimbra Collaboration Server (ZCS) is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions 9.0 and 10.0, which stems from the...
CVE-2024-27443
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...
Zimbra Collaboration Server Security Vulnerability
Zimbra Collaboration Server (ZCS) is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions 9.0 and 10.0 that stems from the presen...
Mozilla Firefox for iOS Security Bypass Vulnerability (CNVD-2024-36715)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox for iOS, which can be exploited by attackers to execute JavaScript commands in the browser...
CVE-2024-6706 Open WebUI Stored Cross-Site Scripting
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...
PT-2024-37933 · Journyx · Journyx
Name of the Vulnerable Software and Affected Versions: Journyx affected versions not specified Description: The issue allows attackers to craft a malicious link that, when clicked, will execute arbitrary JavaScript in the context of the Journyx web application. Recommendations: At the moment, the...
The vulnerability of the CDwnBindInfo function in the mshtml.dll library of Internet Explorer allows a hacker to execute arbitrary code.
The vulnerability of the CDwnBindInfo function in the mshtml.dll library of the Internet Explorer browser is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code by sending a specially created HTML file...
CVE-2024-43111
Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS 129...
UBUNTU-CVE-2024-43111
Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS 129...