667 matches found

CVE
added 2024/12/10 8:42 p.m. · 61 views

CVE-2024-54044

The CVE-2024-54044 entry refers to Adobe Connect 12.6, 11.4.7 and earlier being affected by a reflected Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can lure a victim to visit a URL referencing a vulnerable page, causing malicious JavaScript to execute in the victim’s bro...

CVSS 6.1 · AI score 5.9 · EPSS 0.0032
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/12/09 11:49 p.m. · 10 views

CVE-2024-9672 Reflected XSS in PaperCut MF

A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur...

CVSS 6.3 · AI score 6.1 · EPSS 0.00221
Exploits 0 · References 1

OSV
added 2024/10/02 9:30 p.m. · 7 views

GHSA-QVQV-MCXR-X8QW Slim Select has potential Cross-site Scripting issue

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitization. Software that depends on this library to dynamically generate...

CVSS 5.4 · AI score 5.5 · EPSS 0.00341
Exploits 1 · References 7

CNNVD
added 2024/10/02 12:00 a.m. · 3 views

Contao Code Issue Vulnerability

Contao is an open source Content Management System (CMS) developed in PHP by Contao Open Source. The system supports search engines, rights management and CSS frameworks. A security vulnerability exists in Contao version 5.4.1. The vulnerability is exploited by attackers to perform cross-site...

CVSS 6.4 · AI score 7 · EPSS 0.0031
Exploits 1 · References 6

BDU FSTEC
added 2024/09/30 12:00 a.m. · 4 views

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to disclose protected information.

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers relates to the use of memory after deallocation. Exploiting this vulnerability can allow a remote attacker to expose sensitive information through a specially created HTML page...

CVSS 9.4 · AI score 7.8 · EPSS 0.00325
Exploits 1 · References 7 · Affected Software 3

Positive Technologies
added 2024/09/16 12:00 a.m. · 4 views

PT-2025-6048

Name of the Vulnerable Software and Affected Versions: npm-serialize-javascript versions up to 6.0.1 Description: The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to injec...

CVSS 5.4 · AI score 7.2 · EPSS 0.01006
Exploits 0 · References 47

NVD
added 2024/07/31 2:15 p.m. · 15 views

CVE-2024-31199

A “CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'” allows malicious users to permanently inject arbitrary Javascript code...

CVSS 8.8 · EPSS 0.00297
Exploits 0 · References 1

OSV
added 2024/06/25 12:36 p.m. · 9 views

MAL-2024-2095 Malicious code in discord-selfbot.js-v13 (npm)

AI score 7.1
Exploits 0

Vulnrichment
added 2024/06/13 7:53 a.m. · 20 views

CVE-2024-26111 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVSS 5.4 · AI score 5.4 · EPSS 0.00695
Exploits 0 · References 1

OSV
added 2024/05/03 3:15 a.m. · 2 views

CVE-2023-40472

PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the targ...

CVSS 7.8 · AI score 6.2
Exploits 0 · References 1

CNNVD
added 2024/04/10 12:00 a.m. · 3 views

Leantime Systems Leantime Security Vulnerability

Leantime Systems Leantime is an open source PHP and MySQL based project management system from Leantime Systems, Inc. A security vulnerability exists in Leantime Systems Leantime version 3.0.6, which stems from the presence of a cross-site scripting vulnerability that allows an attacker to inject...

CVSS 6.1 · AI score 6.1 · EPSS 0.00628
Exploits 2 · References 4

CNNVD
added 2024/04/09 12:00 a.m. · 3 views

Node.js Security Vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 18.x, 20.x, and 21.x. The vulnerability stems from the fact that an attacker can make the server completely unavailable by sending a small number of HTTP/2 framed packets...

CVSS 8.2 · AI score 7.5 · EPSS 0.87211
Exploits 1 · References 5

OSV
added 2024/03/27 6:15 a.m. · 4 views

CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

CVSS 9.1 · AI score 9.2
Exploits 0 · References 6

Positive Technologies
added 2024/03/05 12:00 a.m. · 3 views

PT-2024-21167 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader versions prior to 2024.1 Foxit PDF Editor versions prior to 2024.1 Description: The issue allows code execution via JavaScript due to an unoptimized prompt message for users to review parameters of commands. Recommendations:...

CVSS 8.4 · AI score 7.9 · EPSS 0.00205
Exploits 0 · References 6

CNNVD
added 2024/03/05 12:00 a.m. · 5 views

SuperCali Security Vulnerabilities

SuperCali is an event calendar script from SuperCali. A security vulnerability exists in SuperCali version 1.1.0. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code via the email parameter in the badpassword.php page...

CVSS 6.1 · AI score 7.5 · EPSS 0.00424
Exploits 0 · References 2

NVD
added 2024/02/26 5:15 p.m. · 15 views

CVE-2024-27087

Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As th...

CVSS 5.4 · AI score 5.2 · EPSS 0.00348
Exploits 0 · References 2

CVE
added 2024/02/26 12:00 a.m. · 6373 views

CVE-2024-26465

CVE-2024-26465 concerns a DOM-based cross-site scripting (XSS) in the component/beep/Beep.Instrument.js of the Stewdio Beep.js project, prior to commit ef22ad7. The issue allows an attacker to execute arbitrary JavaScript by sending a crafted URL. The vulnerability is described across multiple so...

CVSS 6.1 · AI score 6 · EPSS 0.00425
Exploits 0 · References 1

OSV
added 2024/02/22 3:15 p.m. · 5 views

CVE-2024-1563

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...

CVSS 8.1 · AI score 6.3
Exploits 0 · References 2

Vulnrichment
added 2024/01/15 12:13 p.m. · 7 views

CVE-2024-20721 T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words

Acrobat Reader T5 MSFT Edge versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...

CVSS 5.5 · AI score 5.2 · EPSS 0.0072
Exploits 0 · References 1

Cvelist
added 2024/01/15 12:13 p.m. · 18 views

CVE-2024-20721 T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words

Acrobat Reader T5 MSFT Edge versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...

CVSS 5.5 · AI score 5.7 · EPSS 0.0072
Exploits 0 · References 1