5093 matches found

Positive Technologies
added 2024/09/16 12:00 a.m. · 5 views

PT-2024-31780 · Fluxcp · Fluxcp

Name of the Vulnerable Software and Affected Versions: FluxCP versions prior to 1.3 Description: A JavaScript injection is possible via vendors/buyers list pages and shop names that are not sanitized, allowing the execution of arbitrary JavaScript code on the user's browser. This can result in th...

CVSS 7.3 · AI score 7.1 · EPSS 0.00267
Exploits 0 · References 10
NVD
added 2024/09/10 4:15 p.m. · 32 views

CVE-2024-45592

auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...

CVSS 8.2 · EPSS 0.00421
Exploits 0 · References 3
CVE
added 2024/09/10 4:00 p.m. · 52 views

CVE-2024-45592

CVE-2024-45592 affects auditor-bundle (formerly DoctrineAuditBundle) used with Symfony 3.4+. The root cause is an unescaped %source_label% in the Twig macro, permitting Javascript injection and execution. Evidence across sources confirms this XSS vector and that patches are available in versions ...

CVSS 8.2 · AI score 7.1 · EPSS 0.00421
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2024/09/10 4:00 p.m. · 12 views

CVE-2024-45592 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped

auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...

CVSS 8.2 · AI score 8.2 · EPSS 0.00421
Exploits 0 · References 3
OSV
added 2024/09/10 4:00 p.m. · 21 views

CVE-2024-45592 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped

auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...

CVSS 8.2 · AI score 6.7 · EPSS 0.00421
Exploits 0 · References 5
OSV
added 2024/09/10 3:53 p.m. · 12 views

GHSA-78VG-7V27-HJ67 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped

Summary Unescaped entity property enables Javascript injection. Details I think this is possible because %sourcelabel% in twig macro is not escaped. Therefore script tags can be inserted and are executed. PoC - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create...

CVSS 8.2 · AI score 7 · EPSS 0.00421
Exploits 0 · References 5
Github Security Blog
added 2024/09/10 3:53 p.m. · 15 views

auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped

Summary Unescaped entity property enables Javascript injection. Details I think this is possible because %sourcelabel% in twig macro is not escaped. Therefore script tags can be inserted and are executed. PoC - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create...

CVSS 8.2 · AI score 6.8 · EPSS 0.00421
Exploits 0 · References 5 · Affected Software 1
CNNVD
added 2024/09/10 12:00 a.m. · 4 views

auditor-bundle cross-site scripting vulnerability

auditor-bundle is a tool by the individual developer Damien Harper. A cross-site scripting vulnerability exists in auditor-bundle versions prior to 6.0.0, which stems from an unescaped entity attribute that enables Javascript injection...

CVSS 8.2 · AI score 6 · EPSS 0.00421
Exploits 0 · References 4
OSV
added 2024/09/07 4:15 p.m. · 2 views

ALPINE-CVE-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...

CVSS 5.3 · AI score 7.2 · EPSS 0.00936
Exploits 0 · References 1
OSV
added 2024/09/07 4:15 p.m. · 2 views

DEBIAN-CVE-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...

CVSS 5.3 · AI score 6.6 · EPSS 0.00936
Exploits 0 · References 1
OSV
added 2024/09/07 4:15 p.m. · 1 view

UBUNTU-CVE-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...

CVSS 5.3 · AI score 7 · EPSS 0.00936
Exploits 0 · References 4
BDU FSTEC
added 2024/09/06 12:00 a.m. · 24 views

The vulnerability of the Tinode Chat messaging platform, which allows attackers to perform cross-site scripting attacks

The vulnerability of the Tinode Chat messaging platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by injecting specially crafted JavaScript code...

CVSS 8 · AI score 5.2
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/08/30 2:20 a.m. · 12 views

CVE-2024-8328 HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - Reflected XSS

Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks...

CVSS 5.4 · AI score 6.8 · EPSS 0.00275
Exploits 0 · References 2
CVE
added 2024/08/30 2:20 a.m. · 53 views

CVE-2024-8328

CVE-2024-8328 affects the Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY. The vulnerability is a failure to properly validate a specific page parameter, enabling remote attackers with regular privileges to inject arbitrary JavaScript and perform a reflected cross-...

CVSS 5.4 · AI score 5.6 · EPSS 0.00275
Exploits 0 · References 2 · Affected Software 1
NVD
added 2024/08/29 5:15 p.m. · 28 views

CVE-2024-45045

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...

CVSS 6.3 · EPSS 0.00272
Exploits 0 · References 1
Cvelist
added 2024/08/29 4:49 p.m. · 32 views

CVE-2024-45045 JavaScript Injection via url encoded values in links in Collabora Office Android

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...

CVSS 6.3 · EPSS 0.00272
Exploits 0 · References 1
Vulnrichment
added 2024/08/29 4:49 p.m. · 17 views

CVE-2024-45045 JavaScript Injection via url encoded values in links in Collabora Office Android

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...

CVSS 6.3 · AI score 6.7 · EPSS 0.00272
Exploits 0 · References 1
CVE
added 2024/08/29 4:49 p.m. · 63 views

CVE-2024-45045

CVE-2024-45045 affects mobile variants (Android/iOS) of Collabora Online, based on LibreOffice. The vulnerability enables injection of JavaScript through URL-encoded values in links within documents, exploiting the Android JavaScript interface which can access internal functions. Non-mobile varia...

CVSS 6.3 · AI score 6.2 · EPSS 0.00272
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/08/29 4:49 p.m. · 22 views

CVE-2024-45045 JavaScript Injection via url encoded values in links in Collabora Office Android

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...

CVSS 6.3 · AI score 6.7 · EPSS 0.00272
Exploits 0 · References 3
Veracode
added 2024/08/29 10:48 a.m. · 13 views

Cross Site Scripting

phpoffice/phpspreadsheet is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient sanitization of spreadsheet styling information by \PhpOffice\PhpSpreadsheet\Writer\Html, which fails to remove or neutralize potentially harmful content before rendering it in HTML. It...

CVSS 5.4 · AI score 6.2 · EPSS 0.00395
Exploits 1 · References 3 · Affected Software 1