5961 matches found
CVE-2024-29944
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...
Mozilla Firefox ESR < 115.9.1
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.9.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-16 advisory. - An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...
Mozilla Firefox < 124.0.1
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 124.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-15 advisory. - An attacker was able to inject an event handler into a privileged object that would allow arbitrary...
UBUNTU-CVE-2024-29944
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...
Mozilla Firefox < 124.0.1
The version of Firefox installed on the remote Windows host is prior to 124.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-15 advisory. - An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...
Mozilla Firefox ESR < 115.9.1
The version of Firefox ESR installed on the remote Windows host is prior to 115.9.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-16 advisory. - An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution ...
GHSA-FH7P-5F6G-VJ2W Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST...
PYSEC-2024-179
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...
PYSEC-2024-179
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...
CVE-2024-26104
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...
CVE-2024-26067
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26069
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26052
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26032
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the pag...
CVE-2024-26028
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26104
Summary: CVE-2024-26104 is a reflected Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager (AEM) versions 6.5.19 and earlier. The issue arises when an attacker entices a user to visit a specially crafted URL referencing a vulnerable page, enabling execution of malicious JavaScrip...
CVE-2024-26102 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...
CVE-2024-26042 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the pag...
CVE-2024-26028 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
The vulnerability of the web-based collaboration tool for planning, creating, managing, and executing tests at all stages of the IBM Engineering Test Management cycle exists due to the lack of protective measures for the website structure. This allows attackers to execute arbitrary JavaScript code.
The vulnerability of the web-based collaboration tool for planning, creating, managing, and executing tests at all stages of the development cycle in IBM Engineering Test Management exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a...