
890 matches found

Positive Technologies
added 2024/08/05 12:0 a.m. · 3 views

PT-2024-5829 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2024-07 Description: The issue is related to the Relay Hosts configuration, where an authenticated admin user can inject a JavaScript payload. This payload is executed when the configuration page is viewe...

CVSS 5.5 · AI score 7.1 · EPSS 0.00308
Exploits: 0 · References: 7
Positive Technologies
added 2024/07/17 12:0 a.m. · 4 views

PT-2024-25029 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe framework versions prior to 5.2.16 Description: A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front e...

CVSS 5.4 · AI score 6.8 · EPSS 0.00326
Exploits: 0 · References: 9
Positive Technologies
added 2024/07/16 12:0 a.m. · 4 views

PT-2024-28949

Name of the Vulnerable Software and Affected Versions: Outline versions prior to 0.77.3 Description: A type confusion issue in ProseMirror's rendering process leads to a Stored Cross-Site Scripting (XSS) issue. An authenticated user can create a document with a malicious JavaScript payload, which can...

CVSS 7.3 · AI score 5.9 · EPSS 0.00486
Exploits: 1 · References: 8
NVD
added 2024/07/07 4:15 p.m. · 26 views

CVE-2024-6229

A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...

CVSS 6.8 · EPSS 0.00341
Exploits: 1 · References: 1
The Hacker News
added 2024/07/05 8:40 a.m. · 16 views

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. "Updates to the GootLoader payload have resulted in several versions of GootLoader, with GootLoader 3 currently in active use," cybersecurity firm Cybereason...

AI score 7.4
Exploits: 0
OSV
added 2024/06/12 5:15 p.m. · 2 views

CVE-2024-5906

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...

CVSS 4.8 · AI score 5.7 · EPSS 0.00247
Exploits: 0 · References: 1
Vulnrichment
added 2024/06/12 4:22 p.m. · 17 views

CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...

CVSS 4.8 · AI score 5.8 · EPSS 0.00247
Exploits: 0 · References: 1
Cvelist
added 2024/06/12 4:22 p.m. · 20 views

CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...

CVSS 4.8 · EPSS 0.00247
Exploits: 0 · References: 1
Palo Alto Networks
added 2024/06/12 4:0 p.m. · 22 views

Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...

CVSS 4.8 · AI score 5.5 · EPSS 0.00247
Exploits: 0 · References: 1
Vulnrichment
added 2024/06/06 10:19 a.m. · 13 views

CVE-2024-5673 Cross-Site Scripting in PHP File Manager by Dulldusk

Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fmcurrentdir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...

CVSS 6.1 · AI score 5.9 · EPSS 0.00254
Exploits: 0 · References: 1
Positive Technologies
added 2024/06/06 12:0 a.m. · 3 views

PT-2024-23768 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.0.0 Description: A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application. The vulnerability arises from the application's failure to properly sanitize...

CVSS 8.7 · AI score 6.8 · EPSS 0.00668
Exploits: 1 · References: 6
NVD
added 2024/05/27 12:15 p.m. · 14 views

CVE-2024-5405

A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via /tools/redis.php page in the k, hash, key and p parameters. This vulnerability could allow a remote user to submit a specially crafted JavaScript payload for an authenticated user to retrieve their session details...

CVSS 6.3 · AI score 6 · EPSS 0.00301
Exploits: 0 · References: 1
Vulnrichment
added 2024/05/27 11:50 a.m. · 16 views

CVE-2024-5405 Multiple vulnerabilities in WinNMP from Wtriple

A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via /tools/redis.php page in the k, hash, key and p parameters. This vulnerability could allow a remote user to submit a specially crafted JavaScript payload for an authenticated user to retrieve their session details...

CVSS 6.3 · AI score 6 · EPSS 0.00301
Exploits: 0 · References: 1
CVE
added 2024/05/27 11:50 a.m. · 61 views

CVE-2024-5405

WinNMP 19.02 contains an XSS vulnerability exploitable via /tools/redis.php, specifically in the k, hash, key, and p parameters. A remote attacker could inject JavaScript to fetch an authenticated user’s session details. The issue is documented across multiple sources (CVE-2024-5405, RH, NVD, CVE...

CVSS 6.3 · AI score 6 · EPSS 0.00301
Exploits: 0 · References: 1
Cvelist
added 2024/05/24 12:40 p.m. · 13 views

CVE-2023-49574 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addjob in jobname. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

CVSS 7.1 · AI score 6.7 · EPSS 0.00254
Exploits: 0 · References: 1
NVD
added 2024/05/17 4:15 p.m. · 17 views

CVE-2024-34241

A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...

CVSS 4.8 · AI score 5.4 · EPSS 0.00762
Exploits: 4 · References: 1
CVE
added 2024/05/17 3:17 p.m. · 79 views

CVE-2024-34241

Summary: CVE-2024-34241 describes a stored XSS in Rocketsoft Rocket LMS 1.9. An administrator can inject a JavaScript payload through the admin web interface when creating new courses or course notifications, enabling script execution in the context of other users. Affected product: Rocketsoft Ro...

CVSS 4.8 · AI score 5.6 · EPSS 0.00762
Exploits: 4 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/05/17 3:17 p.m. · 20 views

CVE-2024-34241

A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...

AI score 5.6 · EPSS 0.00762
Exploits: 4 · References: 1
Cvelist
added 2024/05/17 3:17 p.m. · 34 views

CVE-2024-34241

A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...

AI score 5.4 · EPSS 0.00762
Exploits: 4 · References: 1
CNNVD
added 2024/05/14 12:0 a.m. · 4 views

School Task Manager Security Vulnerability

School Task Manager is a school task manager by rems individual developer. A security vulnerability exists in Sourcecodester School Task Manager version 1.0 that stems from the presence of a stored cross-site scripting (XSS) attack that results in the execution of a malicious JavaScript payload...

CVSS 6.1 · AI score 5.9 · EPSS 0.00362
Exploits: 0 · References: 3