Lucene search

5060 matches found

Github Security Blog
added 2024/07/29 4:38 p.m. | 20 views

Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs

Impact: This XSS vulnerability is about the system configs design/header/welcome, design/header/logosrc, design/header/logosrcsmall, design/header/logoalt. They are intended to enable admins to set a text in the two cases, and to define an image URL for the other two cases. But because of previously...

4.8 CVSS | 6.1 AI score | 0.00669 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2024/07/29 12:0 a.m. | 3 views

PT-2024-29501 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento-lts versions prior to 20.10.1 Description: This issue affects the design/header/welcome, design/header/logo src, design/header/logo src small, and design/header/logo alt system configs, which are intended to enable admins to set a tex...

5.1 CVSS | 6.8 AI score | 0.00669 EPSS
Exploits: 0 | References: 8
NVD
added 2024/07/24 4:15 a.m. | 15 views

CVE-2024-3246

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScrip...

6.1 CVSS | 0.00326 EPSS
Exploits: 0 | References: 2
CNNVD
added 2024/07/24 12:0 a.m. | 3 views

Adtran NetVanta 3120 Cross-Site Scripting Vulnerability

The Adtran NetVanta 3120 is a fixed-port Ethernet router from Adtran USA. A cross-site scripting vulnerability exists in the Adtran NetVanta 3120 version 18.01.01.00.E. The vulnerability stems from the presence of multiple stored cross-site scripting vulnerabilities, which allows remote attackers...

6.1 CVSS | 6.2 AI score | 0.00086 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2024/07/24 12:0 a.m. | 3 views

PT-2024-24325 · Adtran · Adtran NetVanta 3120

Name of the Vulnerable Software and Affected Versions: AdTran NetVanta 3120 version 18.01.01.00.E Description: The issue allows remote attackers to inject arbitrary JavaScript code, exploiting multiple stored cross-site scripting (XSS) vulnerabilities. This is demonstrated by various API endpoints,...

6.1 CVSS | 5.9 AI score | 0.00086 EPSS
Exploits: 0 | References: 8
Hacker One
added 2024/07/18 4:22 p.m. | 4 views

Acronis: Potential XSS Vulnerability in Acronis Login Callback URL

The Acronis login callback URL was found to be vulnerable to cross-site scripting (XSS) attacks. The redirectUrl parameter in the URL was not properly sanitized, allowing an attacker to inject arbitrary JavaScript code. This could have been exploited to steal user session cookies...

6 AI score
Exploits: 0
Cvelist
added 2024/07/17 7:36 p.m. | 16 views

CVE-2024-32981 Cross-site Scripting vulnerability with encoded payload in silverstripe/framework

Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end o...

5.4 CVSS | 0.0105 EPSS
Exploits: 0 | References: 3
CNNVD
added 2024/07/17 12:0 a.m. | 4 views

IBM Rational ClearQuest Cross-Site Scripting Vulnerability

IBM Rational ClearQuest (IBM Rational CQ) is a change management software from International Business Machines (IBM). It can help increase developer productivity while providing methods, processes, and tools that are best suited for project and team personnel. A cross-site scripting vulnerability...

6.4 CVSS | 6.2 AI score | 0.00141 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2024/07/16 12:0 a.m. | 3 views

PT-2024-18436 · WordPress · Brizy

Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.44 Description: The issue allows authenticated attackers with contributor access and above to modify the content of arbitrary published posts due to a missing...

7.1 CVSS | 6.8 AI score | 0.00164 EPSS
Exploits: 0 | References: 6
OSV
added 2024/07/15 8:15 a.m. | 2 views

CVE-2024-6740

Openfind's Mail2000 does not properly validate email attachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...

6.1 CVSS | 5.9 AI score | 0.00379 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2024/07/15 12:0 a.m. | 4 views

PT-2024-37836 · Openfind · Openfind Mail2000

Name of the Vulnerable Software and Affected Versions: Openfind Mail2000 affected versions not specified Description: The issue allows unauthenticated remote attackers to inject JavaScript code within email attachments, resulting in Stored Cross-site scripting attacks, due to improper validation ...

6.1 CVSS | 6.7 AI score | 0.00379 EPSS
Exploits: 1 | References: 5
CNNVD
added 2024/07/15 12:0 a.m. | 1 view

IBM Datacap Navigator Security Vulnerability

IBM Datacap Navigator is a Web client for Datacap from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Datacap Navigator, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI...

5.4 CVSS | 6.2 AI score | 0.00423 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2024/07/15 12:0 a.m. | 2 views

PT-2024-37838 · Aguardnet Technology · Aguardnet Technology's Space Management System

Name of the Vulnerable Software and Affected Versions: AguardNet Technology's Space Management System affected versions not specified Description: The issue is related to improper filtering of user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected...

5.4 CVSS | 6.8 AI score | 0.00167 EPSS
Exploits: 0 | References: 5
OSV
added 2024/07/12 6:15 p.m. | 1 view

CVE-2024-40690

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 29772...

5.4 CVSS | 5.4 AI score | 0.0031 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2024/07/12 12:0 a.m. | 2 views

PT-2024-28986 · IBM · IBM InfoSphere Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Server version 11.7 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...

5.4 CVSS | 6.8 AI score | 0.0031 EPSS
Exploits: 0 | References: 6
NVD
added 2024/07/11 11:15 a.m. | 14 views

CVE-2024-6035

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser...

7.4 CVSS | 0.00172 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2024/07/11 10:41 a.m. | 15 views

CVE-2024-6035 Stored XSS in gaizhenbiao/chuanhuchatgpt

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser...

7.4 CVSS | 5.5 AI score | 0.00172 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2024/07/11 12:0 a.m. | 3 views

PT-2024-37660

Name of the Vulnerable Software and Affected Versions: bootstrap affected versions not specified Description: A security issue has been discovered that could enable Cross-Site Scripting (XSS) attacks. The issue is associated with the data-loading-text attribute within the button plugin. This can be...

6.4 CVSS | 6.8 AI score | 0.00139 EPSS
Exploits: 0 | References: 31
Wallarm Lab
added 2024/07/10 5:50 a.m. | 12 views

Polyfill.io Supply Chain Attack: Malicious JavaScript Injection Puts Over 100k Websites At Risk

Polyfill.io helps web developers achieve cross-browser compatibility by automatically managing necessary polyfills. By adding a script tag to their HTML, developers can ensure that features like JavaScript functions, HTML5 elements, and various APIs work across different browsers. Originally...

6.5 AI score
Exploits: 0
CNNVD
added 2024/07/08 12:0 a.m. | 2 views

IBM Cloud Pak for Business Automation Cross-Site Scripting Vulnerability

IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines (IBM), built for any hybrid cloud, designed to automate work and accelerate business growth. IBM Cloud Pak for Business Automation suffers from a cross-site scripting...

5.4 CVSS | 6.1 AI score | 0.0011 EPSS
Exploits: 0 | References: 3