CVE-2024-7874
Tungsten Automation Kofax TotalAgility, in all versions through 7.9.0.25.0.954, is vulnerable to Reflected XSS attacks through mfpConnectionId parameter manipulation in a form sent to endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx"...
CVE-2024-7875 XSS in Tungsten Automation TotalAgility
Tungsten Automation Kofax TotalAgility, in all versions through 7.9.0.25.0.954, is vulnerable to Reflected XSS attacks through mfpScreenResolutionWidth parameter manipulation in a form sent to the endpoint /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx. This allows for injection of a malicious...
CVE-2024-7875
CVE-2024-7875 affects Tungsten Automation (Kofax) TotalAgility up to version 7.9.0.25.0.954. The vulnerability is a Reflected XSS in the ScanFront.aspx endpoints where mfpScreenResolutionWidth is manipulated via POST data. An attacker can inject JavaScript code, leading to information disclosure,...
CVE-2024-7874 XSS in Tungsten Automation TotalAgility
Tungsten Automation Kofax TotalAgility, in all versions through 7.9.0.25.0.954, is vulnerable to Reflected XSS attacks through mfpConnectionId parameter manipulation in a form sent to endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx"...
CVE-2024-7874
CVE-2024-7874 affects Tungsten Automation TotalAgility versions up to 7.9.0.25.0.954. The vulnerability is a Reflected Cross‑Site Scripting (XSS) via the mfpConnectionId parameter in forms posted to /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx and /TotalAgility/Kofax/BrowserDevice/ScanFrontDe...
DRUPAL-CONTRIB-2024-071
This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...
Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071
This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...
Cross-site Scripting (XSS)
LibreNMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation, allowing authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device in the "Services" tab of the Device page...
Reflected Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization of the "metric" parameter in the "/wireless" and "/health" endpoints, allowing attackers to inject arbitrary JavaScript...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the "billname" parameter, allowing authenticated users to inject arbitrary JavaScript when creating a new bill...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the "token" parameter, which allows authenticated users to inject arbitrary JavaScript when creating a new API token...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the "unit" parameter in the "Custom OID" tab, allowing authenticated users to inject arbitrary JavaScript when creating a new OID...
CVE-2024-6485
A vulnerability was found in Bootstrap, associated with the data-loading-text attribute within the button plugin. This vulnerability allows malicious JavaScript code to be injected into the attribute, which is then executed when the button's loading state is triggered...
A vulnerability in GitLab EE/CE, the Git-based software platform for collaborative code development, stems from a failure to protect the structure of the web page, allowing attackers to inject arbitrary JavaScript code.
A vulnerability in GitLab EE/CE, the Git-based software platform for collaborative code development, stems from a failure to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code through a specially created UR...
CVE-2024-53255 Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS
BoidCMS is a free and open-source flat-file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. In affected versions, a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the "hostname" parameter on the "Capture Debug Information" page, allowing authenticated users to inject arbitrary JavaScript...
CVE-2024-45194
In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript code while configuring an email account. This...
CVE-2024-45514
An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing t...