
5092 matches found

CNNVD
added 2024/02/13 12:0 a.m. | 3 views

Synacor Zimbra Security Vulnerability

Synacor Zimbra is an open source email collaboration platform from Synacor Inc. in the United States. A security vulnerability exists in Synacor Zimbra Collaboration ZCS versions 8.8.15, 9.0, and 10.0. An attacker can exploit the vulnerability to inject JavaScript or HTML code...

CVSS 6.1 | AI score 6.6 | EPSS 0.0041
Exploits: 0 | References: 4

Vulnrichment
added 2024/02/13 12:0 a.m. | 14 views

CVE-2023-50808

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI...

AI score 9.4 | EPSS 0.00436
Exploits: 0 | References: 3

Vulnrichment
added 2024/02/13 12:0 a.m. | 4 views

CVE-2023-45206

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). Adding an adequate message to avoid malicious code will mitigate this issue...

AI score 6 | EPSS 0.0041
Exploits: 0 | References: 3

Cvelist
added 2024/02/13 12:0 a.m. | 26 views

CVE-2023-50808

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI...

AI score 7 | EPSS 0.00436
Exploits: 0 | References: 3

CVE
added 2024/02/13 12:0 a.m. | 73 views

CVE-2023-50808

CVE-2023-50808 affects Zimbra Collaboration prior to Kepler 9.0.0 Patch 38 GA, where the Modern UI is vulnerable to DOM-based JavaScript injection. The root cause is DOM manipulation in the Modern UI that enables injected script execution, as described across multiple sources. Impact statements i...

CVSS 9.1 | AI score 7 | EPSS 0.00436
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2024/02/13 12:0 a.m. | 44 views

CVE-2023-45206

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). Adding an adequate message to avoid malicious code will mitigate this issue...

AI score 8.9 | EPSS 0.0041
Exploits: 0 | References: 3

NVD
added 2024/02/06 10:16 p.m. | 16 views

CVE-2023-45227

An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...

CVSS 5.4 | AI score 5.7 | EPSS 0.00294
Exploits: 0 | References: 1

OSV
added 2024/02/06 10:16 p.m. | 4 views

CVE-2023-45222

An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter...

CVSS 5.4 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 1

Prion
added 2024/02/06 10:16 p.m. | 13 views

Cross site scripting

An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration...

CVSS 4.9 | AI score 6.4 | EPSS 0.00294
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2024/02/06 10:16 p.m. | 17 views

Cross site scripting

An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter...

CVSS 4.9 | AI score 6.6 | EPSS 0.00294
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2024/02/06 10:16 p.m. | 13 views

Cross site scripting

An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter...

CVSS 4.9 | AI score 6.7 | EPSS 0.00294
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/02/06 12:0 a.m. | 4 views

Westermo Lynx 206-F2G Cross-Site Scripting Vulnerability

The Westermo Lynx 206-F2G is a Layer 3 industrial Ethernet switch from Westermo, Sweden, powered by the Westermo WeOS network operating system. A security vulnerability exists in the Westermo Lynx 206-F2G. An attacker can exploit this vulnerability to introduce arbitrary JavaScript by injecting a...

CVSS 5.4 | AI score 6.2 | EPSS 0.00294
Exploits: 0 | References: 2

OSV
added 2024/02/05 10:16 p.m. | 2 views

CVE-2024-0660

The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the updatesettings function. This...

CVSS 4.3 | AI score 5.6 | EPSS 0.00212
Exploits: 0 | References: 2

Cvelist
added 2024/02/05 9:21 p.m. | 16 views

CVE-2024-0660 Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the updatesettings function. This...

CVSS 6.1 | AI score 6.1 | EPSS 0.00212
Exploits: 0 | References: 2

Veracode
added 2024/02/05 8:42 a.m. | 19 views

Cross Site Scripting (XSS)

antisamy is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper parsing of HTML when the preserveComments directive is enabled in the policy file. This issue can be exploited by an attacker to inject malicious JavaScript via comment tags...

CVSS 6.1 | AI score 6.1 | EPSS 0.00368
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2024/02/02 7:15 p.m. | 15 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in the application session or in database, via remote injection, while rendering content in a web page...

CVSS 5.8 | AI score 6.2 | EPSS 0.00356
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/01/30 8:57 p.m. | 25 views

GHSA-RV8P-RR2H-FGPG @apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability

Impact: The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this...

CVSS 8.2 | AI score 6.8 | EPSS 0.00385
Exploits: 0 | References: 4

GitHub Security Blog
added 2024/01/30 8:57 p.m. | 19 views

@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability

Impact: The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this...

CVSS 8.2 | AI score 6.3 | EPSS 0.00385
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/01/30 8:57 p.m. | 16 views

GHSA-997G-27X8-43RF react-query-streamed-hydration Cross-site Scripting vulnerability

Impact: The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper...

CVSS 8.2 | AI score 6.8 | EPSS 0.00385
Exploits: 0 | References: 4

GitHub Security Blog
added 2024/01/30 8:57 p.m. | 19 views

react-query-streamed-hydration Cross-site Scripting vulnerability

Impact: The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper...

CVSS 8.2 | AI score 6.3 | EPSS 0.00385
Exploits: 0 | References: 4 | Affected Software: 1