5058 matches found

NVD
added 2024/12/30 5:15 p.m., 13 views

CVE-2024-56517

LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...

CVSS 5.3, EPSS 0.00246
Exploits: 0, References: 3

Vulnrichment
added 2024/12/30 4:36 p.m., 6 views

CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...

CVSS 5.3, AI score 6, EPSS 0.00246
Exploits: 0, References: 3

CVE
added 2024/12/30 4:36 p.m., 64 views

CVE-2024-56517

LGSL (Live Game Server List) is affected by CVE-2024-56517 with a reflected XSS in the Referer header affecting versions up to 6.2.1. Attackers can inject arbitrary JavaScript that is echoed back into an HTML attribute in the response due to insufficient sanitization. The issue is caused by using...

CVSS 5.3, AI score 5.8, EPSS 0.00246
Exploits: 0, References: 3

Cvelist
added 2024/12/30 4:36 p.m., 19 views

CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...

CVSS 5.3, EPSS 0.00246
Exploits: 0, References: 3

OSV
added 2024/12/30 4:36 p.m., 6 views

CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...

CVSS 5.3, AI score 5.9, EPSS 0.00246
Exploits: 0, References: 5

NVD
added 2024/12/27 4:15 p.m., 7 views

CVE-2024-56507

LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in LinkAce. This issue occurs in the "URL" field of the "Edit Link" module, where user input is not properly sanitized or encoded before bein...

CVSS 5.4, EPSS 0.01265
Exploits: 1, References: 2

CNNVD
added 2024/12/27 12:00 a.m., 2 views

LinkAce security vulnerability

LinkAce is a self-hosted archive of links to your favorite websites by Kevin Woblick Personal Developer. A security vulnerability exists in LinkAce versions prior to 1.15.6 that stems from user input that is not properly cleaned or encoded before being reflected in an HTML response. An attacker...

CVSS 5.4, AI score 6.7, EPSS 0.01265
Exploits: 1, References: 2

CNNVD
added 2024/12/27 12:00 a.m., 8 views

WordPress plugin wp-publications security vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin wp-publications has a cross-site scripting vulnerability, the vulnerability stems from...

CVSS 4.8, AI score 6.2, EPSS 0.02745
Exploits: 3, References: 3

Positive Technologies
added 2024/12/21 12:00 a.m., 5 views

PT-2024-56: Cross-site Scripting (XSS) in SimpleXLSX

The vulnerability was identified in SimpleXLSX versions 1.0.12-1.1.12. The discovered vulnerability allows an attacker to inject an arbitrary JavaScript code. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 21.12.2024 Recommendations: Update to version or higher...

CVSS 6.8, AI score 6.3, EPSS 0.00252
Exploits: 0

CVE
added 2024/12/20 3:52 p.m., 56 views

CVE-2024-10385

CVE-2024-10385 affects DirectAdmin Evolution Skin’s ticket management system. It describes a stored XSS vulnerability that allows a low-privileged user to inject and persist malicious JavaScript; if an admin views the ticket, the script may perform privileged actions, including command execution....

CVSS 8.6, AI score 5.9, EPSS 0.00304
Exploits: 0, References: 2

CNVD
added 2024/12/13 12:00 a.m., 7 views

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2024-49170)

IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

CVSS 6.4, AI score 6, EPSS 0.00121
Exploits: 0, References: 1

OSV
added 2024/12/12 9:51 p.m., 2 views

USN-7158-1 smarty3 vulnerabilities

It was discovered that Smarty incorrectly handled query parameters in requests. An attacker could possibly use this issue to inject arbitrary Javascript code, resulting in denial of service or potential execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubun...

CVSS 7.3, AI score 7.6, EPSS 0.01189
Exploits: 1, References: 4

CVE
added 2024/12/11 2:59 p.m., 43 views

CVE-2024-50585

CVE-2024-50585 affects the Numerix License Server (Numerix, Inc.). Users who click a malicious link or visit an attacker-controlled site can have arbitrary JavaScript executed in the context of the Numerix License Server Administration System Login (nlslogin.jsp) page. The vulnerability can be tr...

CVSS 4.7, AI score 6.6, EPSS 0.00422
Exploits: 0, References: 2

Positive Technologies
added 2024/12/11 12:00 a.m., 8 views

PT-2024-55: Cross-site Scripting (XSS) in SimpleXLSX

The vulnerability was identified in SimpleXLSX, versions 1.0.12-1.1.11. The discovered vulnerability allows an attacker to inject an arbitrary JavaScript code. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 11.12.2024 Recommendations: Update to version 1.1.12 or high...

CVSS 6.8, AI score 6.6, EPSS 0.00296
Exploits: 0, References: 1

BDU FSTEC
added 2024/12/11 12:00 a.m., 1 view

The software for managing and publishing geodata on the OSGeo GeoServer platform is vulnerable due to lack of measures taken to protect the website structure. This vulnerability allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of the software for managing and publishing geodata on the OSGeo GeoServer server exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor, operating remotely, to perform cross-site scripting attacks X...

CVSS 6.5, AI score 5.2
Exploits: 0, Affected Software: 1

NVD
added 2024/12/10 10:15 p.m., 11 views

CVE-2024-52991

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 5.4, EPSS 0.00442
Exploits: 0, References: 1

NVD
added 2024/12/10 10:15 p.m., 12 views

CVE-2024-52862

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 5.4, EPSS 0.00442
Exploits: 0, References: 1

NVD
added 2024/12/10 10:15 p.m., 8 views

CVE-2024-52857

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 5.4, EPSS 0.00442
Exploits: 0, References: 1

NVD
added 2024/12/10 10:15 p.m., 8 views

CVE-2024-52829

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 5.4, EPSS 0.00268
Exploits: 0, References: 1

NVD
added 2024/12/10 10:15 p.m., 8 views

CVE-2024-52816

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 5.4, EPSS 0.00268
Exploits: 0, References: 1