
5059 matches found

Tenable Nessus
added 2024/11/17 12:00 a.m. · 18 views

Debian dla-3956 : smarty3 - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3956 advisory. Debian LTS Advisory DLA-3956-1 [email protected]...

7.3 CVSS · 6.9 AI score · 0.01189 EPSS
Exploits 1 · References 8

OSV
added 2024/11/15 10:15 p.m. · 3 views

CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...

5.4 CVSS · 5.6 AI score · 0.00183 EPSS
Exploits 0 · References 2

Github Security Blog
added 2024/11/15 8:48 p.m. · 23 views

LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the...

5.4 CVSS · 5.4 AI score · 0.01189 EPSS
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2024/11/15 3:55 p.m. · 17 views

CVE-2024-52526 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This...

4.8 CVSS · 0.01189 EPSS
Exploits 1 · References 2

Github Security Blog
added 2024/11/15 3:46 p.m. · 14 views

LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users'...

5.4 CVSS · 5.2 AI score · 0.00904 EPSS
Exploits 1 · References 4 · Affected Software 1

Github Security Blog
added 2024/11/15 3:34 p.m. · 19 views

LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php

Summary: A Reflected Cross-Site Scripting (XSS) vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "section" parameter,...

5.4 CVSS · 5.5 AI score · 0.01067 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2024/11/15 3:30 p.m. · 9 views

CVE-2024-50350 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results...

4.8 CVSS · 5.4 AI score · 0.00936 EPSS
Exploits 1 · References 4

OSV
added 2024/11/15 3:25 p.m. · 9 views

GHSA-888J-PJQH-FX58 Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the "billname" parameter when creating a new bill. This vulnerability can lead to the execution of malicious code when visiting the "Bill...

7.5 CVSS · 5.1 AI score · 0.00546 EPSS
Exploits 1 · References 4

CNNVD
added 2024/11/15 12:00 a.m. · 1 views

emlog security vulnerability

emlog is a PHP and MySQL based CMS website builder by emlog's individual developers. A security vulnerability exists in emlog version 2.3.18 and prior versions. An attacker can exploit the vulnerability to write malicious JavaScript code in published posts...

5.4 CVSS · 6.9 AI score · 0.00438 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/11/15 12:00 a.m. · 2 views

PT-2024-34484 · Unknown · Flightpath

Name of the Vulnerable Software and Affected Versions: FlightPath version 7.5 Description: The issue allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user. This is achieved by including a malicious payload into the Last Name...

5.4 CVSS · 6.3 AI score · 0.00183 EPSS
Exploits 0 · References 8

Positive Technologies
added 2024/11/15 12:00 a.m. · 2 views

PT-2024-33665 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the token parameter when creating a new API token. This c...

7.5 CVSS · 5.5 AI score · 0.11981 EPSS
Exploits 1 · References 9

Positive Technologies
added 2024/11/15 12:00 a.m. · 8 views

PT-2024-34661

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the unit parameter when creating a new OID. Th...

5.4 CVSS · 5.8 AI score · 0.00904 EPSS
Exploits 1 · References 11

Tenable Nessus
added 2024/11/15 12:00 a.m. · 8 views

GitLab 16.0 < 17.3.7 / 17.4 < 17.4.4 / 17.5 < 17.5.2 (CVE-2024-8648)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious...

6.1 CVSS · 5.6 AI score · 0.03053 EPSS
Exploits 0 · References 5

OSV
added 2024/11/14 1:15 p.m. · 0 views

UBUNTU-CVE-2024-8648

An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL...

6.1 CVSS · 5.8 AI score · 0.03053 EPSS
Exploits 0 · References 2

CVE
added 2024/11/14 1:02 p.m. · 57 views

CVE-2024-8648

CVE-2024-8648 affects GitLab CE/EE, with all versions before 17.3.7 (16.x line), 17.4 before 17.4.4, and 17.5 before 17.5.2 vulnerable to a cross-site scripting (XSS) flaw in Analytics Dashboards via a crafted URL. The issue is due to improper handling/neutralization of input in the web page gene...

6.1 CVSS · 6 AI score · 0.03053 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/11/14 12:15 p.m. · 13 views

CVE-2024-45642

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.3 CVSS · 0.00076 EPSS
Exploits 0 · References 1

CNVD
added 2024/11/13 12:00 a.m. · 8 views

Siemens OZW devices (web servers) cross-site scripting vulnerability

OZW devices web servers are used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning. A cross-site scripting vulnerability exists in Siemens OZW devices web servers, which can be exploited by an attacker to inject arbitrary JavaScript code...

8.2 CVSS · 6.3 AI score · 0.00203 EPSS
Exploits 0 · References 1

CNNVD
added 2024/11/12 12:00 a.m. · 2 views

Siemens OZW672 and OZW772 cross-site scripting vulnerability

OZW devices web servers are used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning. A cross-site scripting vulnerability exists in Siemens OZW devices web servers, which can be exploited by an attacker to inject arbitrary JavaScript code...

8.2 CVSS · 6.3 AI score · 0.00203 EPSS
Exploits 0 · References 1

ICS
added 2024/11/12 12:00 a.m. · 8 views

Siemens OZW672 and OZW772 Web Server

SUMMARY: OZW672 and OZW772 Web Server versions before V5.2 contain a stored cross-site scripting (XSS) vulnerability that could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges...

8.2 CVSS · 5.9 AI score · 0.00203 EPSS
Exploits 0 · References 10

OSV
added 2024/11/11 5:15 p.m. · 0 views

CVE-2024-45087

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

4.8 CVSS · 5.4 AI score · 0.00353 EPSS
Exploits 0 · References 1