DRUPAL-CONTRIB-2024-071

This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...

Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071

This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...

Cross-site Scripting (XSS)

LibreNMS is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input validation, allowing authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device in the "Services" tab of the Device page...

Reflected Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization of the "metric" parameter in the "/wireless" and "/health" endpoints, allowing attackers to inject arbitrary JavaScript...

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the "billname" parameter, allowing authenticated users to inject arbitrary JavaScript when creating a new bill...

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the "token" parameter, which allows authenticated users to inject arbitrary JavaScript when creating a new API token...

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the "unit" parameter in the "Custom OID" tab, allowing authenticated users to inject arbitrary JavaScript when creating a new OID...

CVE-2024-6485

A vulnerability was found in bootstrap associated with the data-loading-text attribute within the button plugin. This vulnerability allows malicious JavaScript code to be injected into the attribute, which is then executed when the button's loading state is triggered...

The vulnerability of the Git-based software platform for collaborative code development on GitLab EE/CE lies in the lack of measures taken to protect the website structure, allowing attackers to inject arbitrary JavaScript code.

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code through a specially created UR...

CVE-2024-53255 Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting XSS vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to...

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of the "hostname" parameter on the "Capture Debug Information" page, allowing authenticated users to inject arbitrary JavaScript...

CVE-2024-45194

In Zimbra Collaboration ZCS 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting XSS payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript code while configuring an email account. This...

CVE-2024-45514

An issue was discovered in Zimbra Collaboration ZCS through v10.1. A Cross-Site Scripting XSS vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing t...

CVE-2024-45194

In Zimbra Collaboration ZCS 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting XSS payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript code while configuring an email account. This...

Debian dla-3956 : smarty3 - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3956 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3956-1 [email protected]...

CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...

LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the...

CVE-2024-52526 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This...

LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users'...

LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php

Summary A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "section" parameter,...