667 matches found
CVE-2023-52204 WordPress Randomize Plugin <= 1.4.3 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize. This issue affects Randomize: from n/a through 1.4.3...
CVE-2023-43481
An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022dab24cc6231221gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component...
PT-2023-28666 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
CVE-2023-6217 MOVEit Transfer XSS via MOVEit Gateway
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting...
0x-assert (>=0.0.2 <=0.0.3), 0xauth (>=0.0.5 <=0.1.0) +8686 more potentially affected by CVE-2023-46233 via crypto-js (>=3.1.2-1 <=4.1.1)
crypto-js NPM version =3.1.2-1, =0.0.2, =0.0.5, =1.0.0, =1.0.0, =1.34.1, =0.1.0, =4.11.2, =0.0.1, =3.3.9, =3.10.1, =0.0.16-0.1, =0.0.4, =0.0.7 and more Source cves: CVE-2023-46233 Source advisory: OSV:GHSA-XWCQ-PM8M-C4VF...
PT-2023-29465 · Real Time Automation · Real Time Automation 460 Series
Name of the Vulnerable Software and Affected Versions: Real Time Automation 460 Series products versions prior to 8.9.8 Description: The issue allows an attacker to run any JavaScript reference from the URL string, which could lead to a cross-site scripting attack. If this occurs, the gateway's...
Node.js Security Vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 16.x, 18.x, and 20.x that stems from the use of Module.load to bypass the policy mechanism when given a module outside of the policy.json definition...
CVE-2023-22595
CVE-2023-22595 affects IBM B2B Advanced Communications (1.0.0.x) and IBM Multi-Enterprise Integration Gateway (1.0.0.1). A cross-site scripting flaw allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure in a trusted session. Remediation: apply fix pack...
7niu-webpack-plugin (=0.1.0), @a-brands/backend (>=1.0.0 <=1.0.4) +1173 more potentially affected by CVE-2020-26302 via is_js (>=0.2.1 <=0.9.0)
is_js NPM version =0.2.1, =1.0.0, =0.4.0-alpha.1, =0.1.0-beta.15, =0.3.0-beta.18, =0.1.0-alpha.4d9cf8a2, =1.0.1, =0.1.0, =1.0.5, =1.0.0, =3.10.1, =3.13.2 and more Source cves: CVE-2020-26302 Source advisory: OSV:GHSA-PVRW-G6FX-MCX2...
CVE-2023-28394
Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well...
PT-2023-12346 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1 through 11.2 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
PT-2023-16946 · Amazon +1 · Amazon Fire Tv Stick +1
Name of the Vulnerable Software and Affected Versions: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5 Insignia TV with FireOS versions prior to 7.6.3.3 Description: The issue is related to the setMediaSource function on the amzn.thin.pl service, which does not properly sanitize the source...
CVE-2022-37386
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2022-44875
KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code...
PT-2023-13444 · Ibm · Ibm Maximo Application Suite +1
Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management versions 7.6.1.1 through 7.6.1.3 IBM Maximo Application Suite versions 8.8 through 8.9 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and...
SUSE CVE-2008-5715
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU...
SUSE CVE-2011-2991
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary...
SUSE CVE-2013-0750
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary...
SUSE CVE-2014-7204
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file...
SUSE CVE-2018-5178
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR 52.8, Thunderbird 52.8, and...