
5960 matches found

Source: NVD
Added 2024/11/11 8:15 p.m. · 17 views

CVE-2024-52286

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

CVSS 2 · EPSS 0.00517
Exploits: 0 · References: 3

Source: OSV
Added 2024/11/11 8:15 p.m. · 0 views

UBUNTU-CVE-2024-51490

Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. Thi...

CVSS 9 · AI score 5.8 · EPSS 0.00499
Exploits: 1 · References: 3

Source: OSV
Added 2024/11/11 8:15 p.m. · 0 views

UBUNTU-CVE-2024-51486

Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...

CVSS 8.4 · AI score 5.8 · EPSS 0.00484
Exploits: 1 · References: 3

Source: CVE
Added 2024/11/11 7:14 p.m. · 59 views

CVE-2024-52286

CVE-2024-52286 affects Stirling-PDF prior to 0.32.0. The Merge function uses untrusted file names directly in innerHTML (code starts at Line 24 in merge.js), enabling a self‑injection XSS where a user uploading a file with a crafted name can execute JavaScript in their own browser context. The vu...

CVSS 2 · AI score 6.8 · EPSS 0.00517
Exploits: 0 · References: 3

Source: CNNVD
Added 2024/11/11 12:0 a.m. · 3 views

Super Unlimited com.superfast.video.downloader security vulnerability

Super Unlimited com.superfast.video.downloader Super Unlimited Video Downloader is a video downloader from Super Unlimited, Inc. A security vulnerability exists in com.superfast.video.downloader Super Unlimited Video Downloader - All in One version 5.1.9 and earlier. An attacker can exploit this...

CVSS 8.1 · AI score 7.4 · EPSS 0.00343
Exploits: 0 · References: 1

Source: CNNVD
Added 2024/11/11 12:0 a.m. · 3 views

Stirling-PDF security vulnerability

Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF versions prior to 0.32.0 that stems from a merge function that accepts untrusted user input and uses it directly to create HTML...

CVSS 2 · AI score 6.8 · EPSS 0.00517
Exploits: 0 · References: 1

Source: Positive Technologies
Added 2024/11/11 12:0 a.m. · 6 views

PT-2024-35152 · Unknown · Stirling-Pdf

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 0.32.0 Description: The issue in Stirling-PDF allows any unauthenticated user to execute JavaScript code in the context of the user due to the Merge functionality taking untrusted user input file name and using ...

CVSS 2 · AI score 7 · EPSS 0.00517
Exploits: 0 · References: 7

Source: CVE
Added 2024/11/11 12:0 a.m. · 53 views

CVE-2024-50601

Axigen Mail Server (up to 10.5.28) is affected by persistent and reflected XSS via the themeMode cookie and the _h URL parameter. The described impact includes arbitrary JavaScript execution, session hijacking, and data leakage, with a multi-stage attack potential. Remediation is available in fix...

CVSS 6.1 · AI score 6.8 · EPSS 0.00235
Exploits: 0 · References: 1

Source: Cvelist
Added 2024/11/11 12:0 a.m. · 20 views

CVE-2024-46964

The com.video.downloader.all aka All Video Downloader application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component...

EPSS 0.00343
Exploits: 0 · References: 2

Source: Cvelist
Added 2024/11/11 12:0 a.m. · 17 views

CVE-2024-46965

The DS allvideo.downloader.browser aka Fast Video Downloader: Browser application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component...

EPSS 0.00235
Exploits: 0 · References: 2

Source: CNNVD
Added 2024/11/11 12:0 a.m. · 2 views

Ikhgur mn.ikhgur.khotoch security vulnerability

Ikhgur mn.ikhgur.khotoch Ikhgur Video Downloader Pro & Browser is a video downloader from Ikhgur. A security vulnerability exists in Ikhgur mn.ikhgur.khotoch Video Downloader Pro & Browser version 1.0.42 and earlier versions. An attacker can exploit the vulnerability to execute arbitrary JavaScri...

CVSS 8.1 · AI score 7.3 · EPSS 0.00343
Exploits: 0 · References: 1

Source: CNNVD
Added 2024/11/11 12:0 a.m. · 2 views

Video Developers com.video.downloader.all security vulnerability

Video Developers com.video.downloader.all Video Developers All Video Downloader is a video downloader from Video Developers, Inc. A security vulnerability exists in version 11.28 and earlier of com.video.downloader.all All Video Downloader. An attacker can exploit this vulnerability to execute...

CVSS 8.1 · AI score 7.4 · EPSS 0.00343
Exploits: 0 · References: 1

Source: OSV
Added 2024/11/08 10:20 p.m. · 6 views

CVE-2024-52000 Reflected Cross-site Scripting exploit in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting XSS exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic...

CVSS 8.1 · AI score 7.7 · EPSS 0.00355
Exploits: 1 · References: 3

Source: NVD
Added 2024/11/07 10:15 p.m. · 12 views

CVE-2024-46960

The ASD com.rocks.video.downloader aka HD Video Downloader All Format application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component...

CVSS 8.8 · EPSS 0.00449
Exploits: 0 · References: 1

Source: Vulnrichment
Added 2024/11/07 12:0 a.m. · 10 views

CVE-2024-46960

The ASD com.rocks.video.downloader aka HD Video Downloader All Format application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component...

AI score 7.6 · EPSS 0.00449
Exploits: 0 · References: 1

Source: Positive Technologies
Added 2024/11/07 12:0 a.m. · 4 views

PT-2024-32301 · Unknown · Com.Rocks.Video.Downloader

Name of the Vulnerable Software and Affected Versions: com.rocks.video.downloader aka HD Video Downloader All Format versions 7.0.129 and earlier Description: The issue allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. This c...

CVSS 8.8 · AI score 7.3 · EPSS 0.00449
Exploits: 0 · References: 5

Source: Vulnrichment
Added 2024/11/07 12:0 a.m. · 10 views

CVE-2024-46961

The Inshot com.downloader.privatebrowser aka Video Downloader - XDownloader application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component...

AI score 7.6 · EPSS 0.00395
Exploits: 0 · References: 1

Source: Hacker One
Added 2024/11/04 2:9 p.m. · 16 views

Basecamp: Mutation Based Stored XSS on Trix Editor version latest (2.1.8)

A vulnerability was discovered in the Trix Editor version 2.1.8 where a mutation-based stored cross-site scripting XSS attack was possible. The vulnerability could be exploited by crafting a malicious payload that, when copied and pasted into the editor, would trigger the execution of arbitrary...

AI score 6
Exploits: 0

Source: CVE
Added 2024/11/04 12:0 a.m. · 93 views

CVE-2024-48059

CVE-2024-48059 affects gaizhenbiao/chuanhuchatgpt up to version 20240802, vulnerable to stored XSS in WebSocket session transmissions. An attacker can inject malicious content into a WebSocket message, with execution of injected script in a victim’s browser when the session is accessed. The root ...

CVSS 6.1 · AI score 5.5 · EPSS 0.0032
Exploits: 1 · References: 2 · Affected Software: 1

Source: Positive Technologies
Added 2024/10/30 12:0 a.m. · 4 views

PT-2024-29708 · Unknown · Acr.Browser.Lightning +1

Name of the Vulnerable Software and Affected Versions: com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader version 20-30.05.24 Description: The issue allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity...

CVSS 8.1 · AI score 7.3 · EPSS 0.00339
Exploits: 0 · References: 4