CVE-2024-51379
Stored Cross-Site Scripting XSS vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the...
PT-2024-34148 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6 SuiteCRM versions prior to 8.7.1 Description: The issue arises due to insufficient input validation and sanitization of the Publish Key field within the SuiteCRM application, allowing an attacker to inject...
Cross-Site Scripting (XSS)
org.openrefine, openrefine is vulnerable to a reflected Cross-Site Scripting XSS vulnerability. The vulnerability is due to the export-rows command reflecting parts of the user request verbatim, including the Content-Type header. It allows an attacker to manipulate the response and inject malicio...
CVE-2024-50623
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...
Multiple Cleo products security vulnerability
Cleo LexiCom and others are products of Cleo, Inc. Cleo LexiCom is an integration platform. Cleo Harmony is a file integration solution. Cleo VLTrader is a secure hosted file transfer software. A security vulnerability exists in various Cleo products that stems from the inclusion of a JavaScript...
CVE-2024-50623
CVE-2024-50623 affects Cleo Harmony, Cleo VLTrader, and Cleo LexiCom prior to 5.8.0.21. It is an unrestricted file upload/download flaw that could lead to remote code execution. PoCs exist (e.g., GitHub exploits), and the recommended remediation is to upgrade to 5.8.0.21 or newer. Some connected ...
CVE-2024-48396
AIML Chatbot 1.0 fixed in 2.0 is vulnerable to Cross Site Scripting XSS. The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts...
PT-2024-32868 · Unknown +3 · Openrefine +3
Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3 Description: The issue concerns the /extension/gdata/authorized endpoint, which includes the state GET parameter verbatim in a tag in the output without escaping. This allows an attacker to lead or redirect ...
X2CRM Cross-Site Scripting Vulnerability
X2CRM is a next generation open source social selling application for small and medium sized businesses. A cross-site scripting vulnerability exists in X2CRM. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited to...
CVE-2021-4444 Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization
The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new...
CVE-2024-48622
A cross-site scripting XSS issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter...
CVE-2024-9969 NewType WebEIP v3.0 - Reflected XSS
NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting XSS attack. The affected product is no longer maintained. It is recommended to upgrade to the...
CVE-2024-48622
CVE-2024-48622 concerns DomainMOD prior to version 4.12.0, where an XSS flaw exists in the admin/domain-fields/edit.php endpoint via the cdfid parameter. Multiple sources (RH Red Hat, NVD, OSV, CNNVD, CVE listings, PT Security, VulnEnrichment, OpenVAS) describe that remote attackers can inject Ja...
Domainmod security vulnerability
Domainmod is a PHP and MySQL based open source application from the Domainmod community for managing centrally located domain names and other Internet assets. A security vulnerability exists in Domainmod prior to version v4.12.0, which stems from a JavaScript code injection issue contained in the...
CVE-2024-45741
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...
CVE-2024-48120
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting XSS in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient validation and sanitization of user input in the "Alert Transports" feature, specifically in the "Details" section, which allows authenticated users to inject arbitrary JavaScript code executable...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (Self-XSS). The vulnerability is due to a lack of proper input validation and sanitization in the "Alert Templates" feature of LibreNMS, which allows users to inject arbitrary JavaScript into the alert template's name without any restrictions...