
5060 matches found

Vulnrichment
added 2024/10/15 3:26 a.m. · 14 views

CVE-2024-9969 NewType WebEIP v3.0 - Reflected XSS

NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the...

CVSS 5.4 · AI score 6.1 · EPSS 0.00188
Exploits 0 · References 2
CNNVD
added 2024/10/15 12:0 a.m. · 1 view

Domainmod security vulnerability

Domainmod is a PHP and MySQL based open source application from the Domainmod community for managing centrally located domain names and other Internet assets. A security vulnerability exists in Domainmod prior to version v4.12.0, which stems from a JavaScript code injection issue contained in the...

CVSS 6.6 · AI score 8.7 · EPSS 0.00606
Exploits 1 · References 2
CVE
added 2024/10/15 12:0 a.m. · 52 views

CVE-2024-48622

CVE-2024-48622 concerns DomainMOD prior to version 4.12.0, where an XSS flaw exists in the admin/domain-fields/edit.php endpoint via the cdfid parameter. Multiple sources (RH Red Hat, NVD, OSV, CNNVD, CVE listings, PT Security, VulnEnrichment, OpenVAS) describe that remote attackers can inject Ja...

CVSS 6.6 · AI score 6.1 · EPSS 0.00606
Exploits 1 · References 1 · Affected Software 1
OSV
added 2024/10/14 5:15 p.m. · 3 views

CVE-2024-45741

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2
NVD
added 2024/10/14 2:15 p.m. · 18 views

CVE-2024-48120

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...

CVSS 6.5 · EPSS 0.02555
Exploits 3 · References 1
Veracode
added 2024/10/04 4:44 a.m. · 5 views

Cross Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation and sanitization of user input in the "Alert Transports" feature, specifically in the "Details" section, which allows authenticated users to inject arbitrary JavaScript code executable...

CVSS 7.5 · AI score 6.1 · EPSS 0.0038
Exploits 1 · References 4 · Affected Software 1
Veracode
added 2024/10/04 4:40 a.m. · 3 views

Cross Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting (Self-XSS). The vulnerability is due to a lack of proper input validation and sanitization in the "Alert Templates" feature of LibreNMS, which allows users to inject arbitrary JavaScript into the alert template's name without any restrictions...

CVSS 3.5 · AI score 6 · EPSS 0.00143
Exploits 1 · References 5 · Affected Software 1
CNNVD
added 2024/10/03 12:0 a.m. · 2 views

Sulu cross-site scripting vulnerability

Sulu is an extensible, PHP-based open source content management system built on the Symfony framework, from Sulu, Austria. A cross-site scripting vulnerability exists in Sulu. An attacker can exploit this vulnerability to inject arbitrary HTML/JavaScript code...

CVSS 6.1 · AI score 6.2 · EPSS 0.00746
Exploits 0 · References 4
Positive Technologies
added 2024/10/02 12:0 a.m. · 6 views

PT-2024-25147 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: FlatPress version 1.3
Description: The issue allows an attacker to inject malicious JavaScript code into the "Add New Entry" section, enabling them to execute arbitrary code in the context of a victim's web browser. This can lead to potential...

CVSS 5.4 · AI score 8.4 · EPSS 0.06236
Exploits 2 · References 7
CNNVD
added 2024/10/02 12:0 a.m. · 1 view

FlatPress security vulnerability

FlatPress is a PHP-based blog builder system without database support from the FlatPress community. A security vulnerability exists in FlatPress v1.3. The vulnerability can be exploited to inject malicious JavaScript code into the "Add New Entry" section to execute arbitrary code in the victim...

CVSS 5.4 · AI score 7.5 · EPSS 0.06236
Exploits 2 · References 2
OSV
added 2024/10/01 8:31 p.m. · 8 views

GHSA-J2J9-7PR6-XQWV LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromisin...

CVSS 7.5 · AI score 5.7 · EPSS 0.07363
Exploits 1 · References 5
Veracode
added 2024/09/30 6:0 a.m. · 4 views

Cross-site Scripting (XSS)

NetBox is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to improper sanitization in the "Top banner" field within the "Configuration History" feature of the "Admin" panel, allowing an authenticated user to inject arbitrary JavaScript or HTML...

CVSS 5.4 · AI score 5.8 · EPSS 0.001
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2024/09/25 12:0 a.m. · 1 view

Oct8ne cross-site scripting vulnerability

Oct8ne is an online chat software from Oct8ne, Inc. Oct8ne suffers from a cross-site scripting vulnerability that originates from chat content that, when intercepted and modified, could allow an attacker to embed harmful JavaScript code into chat messages, resulting in JavaScript code execution...

CVSS 5.4 · AI score 6.5 · EPSS 0.00154
Exploits 0 · References 2
Positive Technologies
added 2024/09/23 12:0 a.m. · 4 views

PT-2024-31477 · Zimbra · Zimbra Administration Panel +2

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) versions 9.0 through 10.0
Description: A vulnerability in the Webmail Modern UI of Zimbra Collaboration allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbr...

CVSS 4.8 · AI score 5.8 · EPSS 0.001
Exploits 0 · References 10
CNNVD
added 2024/09/22 12:0 a.m. · 1 view

NetBox security vulnerability

NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A security vulnerability exists in NetBox version 4.1.0, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows ...

CVSS 5.4 · AI score 5.4 · EPSS 0.001
Exploits 1 · References 4
Cvelist
added 2024/09/22 12:0 a.m. · 13 views

CVE-2024-47226

A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties...

EPSS 0.001
Exploits 1 · References 2
Veracode
added 2024/09/19 11:44 a.m. · 7 views

Cross Site Scripting (XSS)

wireui/wireui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the lack of proper sanitization or escaping of user input in the label query parameter of the /wireui/button endpoint, which allows malicious actors to inject JavaScript and execute arbitrary code in the victim's...

CVSS 6.1 · AI score 6.7 · EPSS 0.00427
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2024/09/17 6:22 p.m. · 18 views

CVE-2024-45803 Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui

Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this...

CVSS 5.1 · EPSS 0.00427
Exploits 0 · References 3
CVE
added 2024/09/17 6:22 p.m. · 44 views

CVE-2024-45803

Wire UI (wireui/wireui) for Laravel/Livewire is affected by an XSS in the /wireui/button endpoint via the label query parameter. The input is not properly sanitized, allowing injected JavaScript to execute in the victim’s browser, with potential session hijacking, user impersonation, phishing, or...

CVSS 6.1 · AI score 5.8 · EPSS 0.00427
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/09/17 6:22 p.m. · 7 views

CVE-2024-45803 Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui

Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this...

CVSS 5.1 · AI score 6 · EPSS 0.00427
Exploits 0 · References 5