5961 matches found
CVE-2024-30264 typebot.io: `GHSL-2024-040`
Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) vulnerability in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the redirectPath parameter from the URL. If a user clicks on a link where the...
CVE-2024-25709
There is a stored cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScrip...
MT Safeline X-Ray X3310 security vulnerability
MT Safeline X-Ray X3310 is an application from MT Safeline, Inc. A security vulnerability exists in MT Safeline X-Ray X3310 version 19.05. A remote attacker can exploit the vulnerability to execute JavaScript code and obtain sensitive information from the victim's browser...
Esri Portal For ArcGIS cross-site scripting vulnerability
Esri Portal For ArcGIS is a component from Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS 11.1 and prior versions that stems from vulnerability to...
CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...
VeridiumID security vulnerability
VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker can exploit the vulnerability to execute JavaScript in the context of a victim who is attempting to authenticate...
CVE-2023-44040
CVE-2023-44040 affects VeridiumID prior to 3.5.0. An internal unauthenticated attacker can trigger cross-site scripting (XSS) on the identity provider page, allowing JavaScript execution in the user’s authentication context. Multiple sources (NVD, Red Hat advisory, CVE listings, and third-party...
Amazon Linux 2 : firefox (ALASFIREFOX-2024-023)
The version of firefox installed on the remote host is prior to 115.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-023 advisory. AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced...
DataLens security vulnerability
DataLens is a modern business intelligence and data visualization system open-sourced by datalens-tech. A security vulnerability exists in DataLens version 0.1449.0, which stems from the application allowing the creation of special chart types and the ability to pass custom JavaScript code that...
A vulnerability in the Adobe Experience Manager content and media data management system, which exists due to a lack of measures to protect the website structure, allows attackers to execute arbitrary JavaScript code.
A vulnerability in the Adobe Experience Manager (AEM) content and media data management system exists due to a lack of measures to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code remotely...
SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2024:1000-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1000-1 advisory. Firefox Extended Support Release 115.9.1esr ESR MFSA 2024-16 bsc1221850 - CVE-2024-29944: Privileged JavaScript Execution via Event Handlers...
A vulnerability in the Adobe Experience Manager content and media data management system, which exists due to a lack of measures to protect the website structure, allows attackers to execute arbitrary JavaScript code.
A vulnerability in the Adobe Experience Manager (AEM) content and media data management system exists due to a lack of measures to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code using a specially created URL...