5059 matches found

OSV
added 2024/11/11 8:15 a.m. · 1 views

CVE-2024-11021

Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 2
Vulnrichment
added 2024/11/07 5:50 p.m. · 10 views

CVE-2024-51989 Cross-site Scripting (XSS) Vulnerability in PasswordPusher

Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions v1.41.1 through and including v.1.48.0. The issue arises from an un-sanitized parameter...

7.1 CVSS · 6.7 AI score · 0.0009 EPSS
Exploits 0 · References 1
OSV
added 2024/11/05 7:15 p.m. · 3 views

CVE-2024-51379

Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the...

8.4 CVSS · 5.7 AI score · 0.00137 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/11/05 12:00 a.m. · 2 views

PT-2024-34614 · Jatos · Jatos

Name of the Vulnerable Software and Affected Versions: JATOS version 3.9.3. Description: A Stored Cross-Site Scripting (XSS) issue has been found, where an attacker can inject JavaScript into the description field of the study section. This allows malicious scripts to run when an admin views the...

8.4 CVSS · 5.5 AI score · 0.00137 EPSS
Exploits 1 · References 6
Positive Technologies
added 2024/11/05 12:00 a.m. · 3 views

PT-2024-34148 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6; SuiteCRM versions prior to 8.7.1. Description: The issue arises due to insufficient input validation and sanitization of the Publish Key field within the SuiteCRM application, allowing an attacker to inject...

5.4 CVSS · 7.1 AI score · 0.00804 EPSS
Exploits 1 · References 6
Cvelist
added 2024/11/05 12:00 a.m. · 13 views

CVE-2024-51379

Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the...

0.00137 EPSS
Exploits 1 · References 1
CNNVD
added 2024/11/05 12:00 a.m. · 1 views

JATOS Security Vulnerability

JATOS is an online learning tool from JATOS Open Source. A security vulnerability exists in JATOS version v3.9.3. An attacker exploiting the vulnerability could inject JavaScript into the description field...

8.4 CVSS · 6.4 AI score · 0.00137 EPSS
Exploits 1 · References 1
Vulnrichment
added 2024/11/05 12:00 a.m. · 8 views

CVE-2024-51379

Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the...

5.6 AI score · 0.00137 EPSS
Exploits 1 · References 1
Veracode
added 2024/10/29 6:59 a.m. · 9 views

Cross-Site Scripting (XSS)

org.openrefine, openrefine is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability is due to the export-rows command reflecting parts of the user request verbatim, including the Content-Type header. It allows an attacker to manipulate the response and inject malicio...

8.1 CVSS · 5.8 AI score · 0.00235 EPSS
Exploits 1 · References 3 · Affected Software 1
NVD
added 2024/10/28 12:15 a.m. · 37 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

9.8 CVSS · 0.94011 EPSS
Exploits 6 · References 2
Vulnrichment
added 2024/10/27 12:00 a.m. · 50 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

9.1 AI score · 0.94011 EPSS
Exploits 6 · References 1
CVE
added 2024/10/27 12:00 a.m. · 319 views

CVE-2024-50623

CVE-2024-50623 affects Cleo Harmony, Cleo VLTrader, and Cleo LexiCom prior to 5.8.0.21. It is an unrestricted file upload/download flaw that could lead to remote code execution. PoCs exist (e.g., GitHub exploits), and the recommended remediation is to upgrade to 5.8.0.21 or newer. Some connected ...

9.8 CVSS · 9.1 AI score · 0.94011 EPSS
In wild · Exploits 6 · References 2 · Affected Software 3
Cvelist
added 2024/10/27 12:00 a.m. · 16 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

0.94011 EPSS
Exploits 6 · References 1
CNNVD
added 2024/10/27 12:00 a.m. · 1 views

Security Vulnerability in Multiple Cleo Products

Cleo LexiCom and others are products of Cleo, Inc. Cleo LexiCom is an integration platform. Cleo Harmony is a file integration solution. Cleo VLTrader is a secure hosted file transfer software. A security vulnerability exists in various Cleo products that stems from the inclusion of a JavaScript...

9.8 CVSS · 9.7 AI score · 0.94011 EPSS
Exploits 6 · References 2
NVD
added 2024/10/25 9:15 p.m. · 12 views

CVE-2024-48396

AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts...

6.1 CVSS · 0.00232 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/10/24 12:00 a.m. · 2 views

PT-2024-32868 · Unknown +3 · Openrefine +3

Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3. Description: The issue concerns the /extension/gdata/authorized endpoint, which includes the state GET parameter verbatim in a tag in the output without escaping. This allows an attacker to lead or redirect ...

9.8 CVSS · 6.9 AI score · 0.53754 EPSS
Exploits 8 · References 43
CNVD
added 2024/10/17 12:00 a.m. · 8 views

X2CRM Cross-Site Scripting Vulnerability

X2CRM is a next generation open source social selling application for small and medium sized businesses. A cross-site scripting vulnerability exists in X2CRM. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited to...

6.5 CVSS · 6.4 AI score · 0.02555 EPSS
Exploits 3 · References 1
Vulnrichment
added 2024/10/16 6:43 a.m. · 9 views

CVE-2021-4444 Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization

The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new...

7.3 CVSS · 7.1 AI score · 0.00164 EPSS
Exploits 0 · References 2
OSV
added 2024/10/15 4:15 p.m. · 6 views

CVE-2024-48622

A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter...

6.6 CVSS · 5.9 AI score
Exploits 0 · References 1
Vulnrichment
added 2024/10/15 3:26 a.m. · 14 views

CVE-2024-9969 NewType WebEIP v3.0 - Reflected XSS

NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the...

5.4 CVSS · 6.1 AI score · 0.00188 EPSS
Exploits 0 · References 2