CVE-2024-36187

Adobe Experience Manager (AEM) prior to version 6.5.21 is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing attacker-injected JavaScript to run in the victim’s browser when visiting a page containing the field. Affected product/version: AEM 6.5.20 a...

CVE-2024-26085 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36167 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36203

Adobe Experience Manager (AEM) 6.5.20 and earlier are affected by a stored XSS vulnerability in vulnerable form fields (CVE-2024-36203). An attacker could inject malicious JavaScript that executes in a victim’s browser when loading a page containing the vulnerable field. CVSS v3.1 base score 5.4 ...

CVE-2024-36185 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26081 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-5478

A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...

CVE-2024-5478

CVE-2024-5478 affects lunary-ai/lunary v1.2.7. Root cause: user-supplied orgId is embedded directly into XML/SAML metadata without proper escaping/validation, enabling XSS via the /auth/saml/${org?.id}/metadata endpoint. Impact: potential theft of user cookies or authentication tokens through inj...

SUSE CVE-2023-40030

Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...

CVE-2024-36123

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML including Javascript can be injected by someone with the ability to edit the MediaWiki namespace typically those with the editinterface...

UBUNTU-CVE-2024-36123

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML including Javascript can be injected by someone with the ability to edit the MediaWiki namespace typically those with the editinterface...

PT-2024-40096 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Silverstripe versions prior to a fixed version affected versions not specified Description: The issue affects Internet Explorer browsers, where requests do not encode all entities in the URL string. As a result, when rewriting hashlinks,...

Wiki.js 安全漏洞

Wiki.js is a suite of open source Wiki software from the Requarks.io team based on Node.js and written in the JavaScript language. A security vulnerability exists in Wiki.js versions prior to 2.5.303, which stems from a vulnerability that allows an attacker to inject malicious JavaScript into the...

SAP NetWeaver Application Server 跨站脚本漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP Platform, which stems from a lack of input validation and output encoding of untrusted data, and can be exploited by an unauthenticated...

PT-2024-25692 · Mantisbt · Mantisbt

Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.26.2 Description: The issue is related to improper escaping of a custom field's name, allowing an attacker to inject HTML and potentially execute arbitrary JavaScript when certain conditions are met, such as...

New Case Study: The Malicious Comment

How safe is your comments section? Discover how a seemingly innocent 'thank you' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study here. When is a 'Thank you' not a 'Thank you'? When it's a...

CVE-2024-28979

Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection...

CVE-2024-28979

Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection...

CVE-2024-28979

Dell OpenManage Enterprise (Dell EMC) before 4.1.0 is affected by an improper neutralization of input during web page generation (Cross-site Scripting). The vulnerability arises from insufficient input filtering/escaping in the web UI, enabling a high-privilege remote attacker to inject scripts v...

PT-2024-41445 · Ооо "Вебсофт Девелопмент" · Websoft Hcm

Уязвимость программного обеспечения автоматизации HR-процессов Websoft HCM связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, провести атаку межсайтового скриптинга XSS путём внедрения специально сформированного...