5093 matches found
CVE-2024-50350 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results...
GHSA-888J-PJQH-FX58 Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the "billname" parameter when creating a new bill. This vulnerability can lead to the execution of malicious code when visiting the "Bill...
emlog Security Vulnerability
emlog is a PHP and MySQL based CMS website builder by emlog's individual developers. A security vulnerability exists in emlog version 2.3.18 and prior versions. An attacker can exploit the vulnerability to write malicious JavaScript code in published posts...
PT-2024-34484 · Unknown · Flightpath
Name of the Vulnerable Software and Affected Versions: FlightPath version 7.5 Description: The issue allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user. This is achieved by including a malicious payload into the Last Name...
PT-2024-33665 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the token parameter when creating a new API token. This c...
PT-2024-34661
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the unit parameter when creating a new OID. Th...
GitLab 16.0 < 17.3.7 / 17.4 < 17.4.4 / 17.5 < 17.5.2 (CVE-2024-8648)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious...
UBUNTU-CVE-2024-8648
An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL...
CVE-2024-8648
CVE-2024-8648 affects GitLab CE/EE, with all versions before 17.3.7 (16.x line), 17.4 before 17.4.4, and 17.5 before 17.5.2 vulnerable to a cross-site scripting (XSS) flaw in Analytics Dashboards via a crafted URL. The issue is due to improper handling/neutralization of input in the web page gene...
CVE-2024-45642
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Siemens OZW devices (web servers) cross-site scripting vulnerability
OZW devices web servers are used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning. A cross-site scripting vulnerability exists in Siemens OZW devices web servers, which can be exploited by an attacker to inject arbitrary JavaScript code...
Siemens OZW672 and OZW772 Cross-Site Scripting Vulnerability
OZW devices web servers are used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning. A cross-site scripting vulnerability exists in Siemens OZW devices web servers, which can be exploited by an attacker to inject arbitrary JavaScript code...
Siemens OZW672 and OZW772 Web Server
SUMMARY: OZW672 and OZW772 Web Server versions before V5.2 contain a stored cross-site scripting (XSS) vulnerability that could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges...
CVE-2024-45087
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2024-11021
Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser...
CVE-2024-51989 Cross-site Scripting (XSS) Vulnerability in PasswordPusher
Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions v1.41.1 through and including v.1.48.0. The issue arises from an un-sanitized parameter...
CVE-2024-51379
Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the...
PT-2024-34614 · Jatos · Jatos
Name of the Vulnerable Software and Affected Versions: JATOS version 3.9.3 Description: A Stored Cross-Site Scripting (XSS) issue has been found, where an attacker can inject JavaScript into the description field of the study section. This allows malicious scripts to run when an admin views the...
JATOS Security Vulnerability
JATOS is an online learning tool from JATOS Open Source. A security vulnerability exists in JATOS version v3.9.3. An attacker exploiting the vulnerability could inject JavaScript into the description field...