Archer Platform Security Vulnerability

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.x through 6.14 P2 HF1 6.14.0.2.1 prior. An attacker could exploit the vulnerability to execute malicious JavaScript code in a web application...

PT-2024-21290 · Element · Element Android

Name of the Vulnerable Software and Affected Versions: Element Android versions 1.4.3 through 1.6.10 Description: The issue allows a third-party malicious application to start any internal activity by passing some extra parameters, potentially making Element Android display an arbitrary web page,...

The vulnerability of the Captive Portal function in the PAN-OS operating system allows a intruder to execute arbitrary JavaScript code.

The vulnerability of the Captive Portal function in the PAN-OS operating system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

CVE-2024-0010

A reflected cross-site scripting XSS vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of a user’s browser if a user clicks on a malicious link, allowing phishing attacks that could lead to credential...

Cross site scripting

A reflected cross-site scripting XSS vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of a user’s browser if a user clicks on a malicious link, allowing phishing attacks that could lead to credential...

The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

SUSE CVE-2023-32192

A vulnerability has been identified in which unauthenticated cross-site scripting XSS in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser...

SUSE CVE-2023-32193

A vulnerability has been identified in which unauthenticated cross-site scripting XSS in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely...

Cross site scripting

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

CKEditor 跨站脚本漏洞

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to bypass the advanced content filtering mechanism to inject incorrectly formatted...

Allegro Cross-Site Scripting Vulnerability

Allegro is a cross-platform library open-sourced by Allegro primarily for video game and multimedia programming. A security vulnerability exists in Allegro AI ClearML. An attacker can exploit this vulnerability to execute a JavaScript payload when a user views the "Debug Samples" tab in the Web U...

Design/Logic Flaw

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...

CVE-2024-24574 phpMyFAQ vulnerable to stored XSS on attachments filename

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...

phpMyFAQ Security Vulnerabilities

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ version 3.2.4, which stems from an insecure fallback of a filename in phpMyFAQphpmyfaqadminattachments.php that could result in allowing JavaScript...

CVE-2023-37527

A reflected cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page...

HCL Technologies HCL BigFix Platform Cross-Site Scripting Vulnerability

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A cross-site scripting vulnerability exists in the HCL BigFix Platform, which...

PT-2024-12633 · Hcl · Hcl Bigfix Platform

Name of the Vulnerable Software and Affected Versions: HCL BigFix Platform affected versions not specified Description: A cross-site scripting XSS issue in the Web Reports component can allow an attacker to execute malicious javascript code into a webpage, potentially accessing stored cookie...

CVE-2024-23633

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

PYSEC-2024-128

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

Server side request forgery (ssrf)

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...