PT-2024-30256 · Unknown · Super 8 Live Chat

Name of the Vulnerable Software and Affected Versions: Super 8 Live Chat affected versions not specified Description: The issue allows unauthenticated remote attackers to insert JavaScript code into the chat box due to a failure to properly filter user input. When the message recipient views the...

PT-2024-3189 · Ibm · Ibm Cloud Pak For Security +1

Name of the Vulnerable Software and Affected Versions: IBM QRadar Suite Software versions 1.10.12.0 through 1.10.19.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 Description: The issue is related to stored cross-site scripting, allowing users to embed arbitrary JavaScript code ...

The vulnerability of the CMS system Netcat, related to the manipulation of inter-site requests, allows a hacker to inject arbitrary JavaScript code.

The vulnerability of the CMS system Netcat is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code remotely...

PT-2024-13476 · Ibm · Ibm Sterling File Gateway

Name of the Vulnerable Software and Affected Versions: IBM Sterling File Gateway versions 6.0.0.0 through 6.0.3.9 IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.3 IBM Sterling File Gateway version 6.2.0.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web...

CVE-2024-1602

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting XSS that leads to Remote Code Execution RCE. The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

CVE-2024-26079 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

PT-2024-18163 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: The issue arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within...

DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting

CVE ID: CVE-2024-30926 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, affecting the ./inc/kiosks.inc component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the addressforcurrentkiosk function. The issue...

PortlandLabs Concrete CMS 安全漏洞

PortlandLabs Concrete CMS is an open source content management system for teams from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS prior to 9.2.8, versions prior to 8.5.16, which stems from user input being output without escaping, and an attacker may be...

Westermo Lynx 206-F2G Improper Neutralization of Input During Web Page Generation (CVE-2023-40143)

An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'forward.0.domain' parameter. This plugin only works with Tenable.ot. Please visit...

CVE-2024-20799

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-29832

The currenturl parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the currenturl parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No...

WordPress plugin PhotoGallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

XSS via the "Snapshot Test" feature in Classic Webcam plugin settings

Impact OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through the "Test" button included in the web interface will execute...

CVE-2024-26062 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26052 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26041 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

UBUNTU-CVE-2024-27104

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...

U.S. Dept Of Defense: Reflected XSS on error message on Login Page

The login page on the specified system was found to have a reflected cross-site scripting XSS vulnerability. The vulnerable link allowed an attacker to inject crafted JavaScript code that could be executed in the user's browser. The vulnerability was discovered in the error message parameter of t...