5058 matches found
Cross-Site Scripting
flowise is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper sanitization in the /api/v1/public-chatflows/id endpoint when a chatflow ID is not found, causing its value to be reflected in the 404 page with type text/html. Attackers can exploit this by crafting...
Cross-Site Scripting (XSS)
flowise is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization in the /api/v1/credentials/id endpoint, which reflects user input back in the 404 page as HTML. This allows attackers to craft a URL that injects JavaScript into user sessions, enabling...
PT-2024-37619 · Mesbook · Mesbook
Name of the Vulnerable Software and Affected Versions: MESbook version 202221021.03 Description: The issue is related to an Uncontrolled Resource Consumption vulnerability. An unauthenticated remote attacker can use the message parameter to inject a payload with dangerous JavaScript code, causing...
Web Application using Malicious polyfill.io CDN (HTTP)
This script reports if a web page of the remote host is integrating JavaScript .js files hosted on the malicious polyfill.io CDN or any affiliated domain provided by the same new owner. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources,...
CVE-2024-37146 GHSL-2023-248: Flowise xss in /api/v1/credentials/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...
CVE-2024-36992
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthoriz...
CVE-2024-36422 GHSL-2023-245: Flowise xss in api/v1/chatflows/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the api/v1/chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craft a...
IBM InfoSphere Information Server 安全漏洞
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...
PT-2024-4807 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
OpenCart Security Vulnerabilities
OpenCart is an open source e-commerce system by the OpenCart team in Hong Kong, China. The system provides modules for product reviews, product ratings, product additions, etc. A security vulnerability exists in OpenCart. OpenCart has a security vulnerability that stems from the presence of...
Path Traversal / Code Injection
willdurand/js-translation-bundle is vulnerable to path traversal and JavaScript code injection. These vulnerabilities are due to insufficient input validation, allowing attackers to manipulate file paths and inject malicious scripts into the application...
CVE-2024-31160
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks...
Carbon Forum 5.9.0 - Stored XSS
Exploit Title: Persistent XSS in Carbon Forum 5.9.0 Stored Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.94cb.com/ Software Link: https://github.com/lincanbin/Carbon-Forum Version: 5.9.0 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent stored XSS...
CVE-2024-36207
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36204
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36194
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36191
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36189
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36176
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36180
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...