PT-2024-30300 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 129 Description: A potential issue exists where long pressing on a download link could allow Javascript commands to be executed within the browser. Recommendations: For Firefox for iOS versions prior to 129,...

CVE-2024-34344 Remote code execution via the browser when running the test locally in nuxt

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrar...

CVE-2024-34344 Remote code execution via the browser when running the test locally in nuxt

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrar...

Nuxt 安全漏洞

Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.4.0 through versions prior to 3.12.4, which stems from insufficient validation of parameters and allows an attacker to execute arbitrary JavaScript on the server side, which in turn...

CVE-2024-41953

ZITAdel ( Zitadel ) has a vulnerability (CVE-2024-41953) due to improper HTML sanitization in emails and Console UI. The issue allows untrusted user- or admin-provided content (such as usernames and email body content) to include HTML/JS that could render in emails and user pages. Impact describe...

CVE-2024-41947 XWiki Platform XSS through conflict resolution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the...

CVE-2024-41947

CVE-2024-41947 affects XWiki Platform. When a conflict arises while a user with higher rights is editing a page, it can allow execution of JavaScript on the other user’s browser, compromising confidentiality, integrity and availability of the installation. The issue has been patched in XWiki vers...

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from improper handling of filenames when uploading attachments, allowing users to upload attachments with malicious filenames,...

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from a conflict that can compromise the confidentiality, integrity, and availability of an entire XWiki installation by executing...

The vulnerability of the Archer Platform’s system for creating and managing business applications lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Archer Platform system for creating and managing business applications is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to execute arbitrary HTML or JavaScript code...

CVE-2024-6881

Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session...

CVE-2024-6881

Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session...

PT-2024-37400

Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 5.0.6.0 Description: The issue allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. This is achieved through a reflected XSS attack. Recommendations: For...

SUSE CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

DEBIAN-CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

UBUNTU-CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

PT-2024-5673 · Unknown · Netcat Netshop Cms

Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue exists due to inadequate protection of the web page structure, specifically in the code parameter of the netshop CMS module. This allows a remote attacker to execute...

PT-2024-5671 · Netcat · Netcat Netshop Cms

Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to the pricerule parameter in the netshop CMS module of the Netcat system, which is vulnerable to cross-site request forgery. This could allow a remote...