PT-2024-34154

Name of the Vulnerable Software and Affected Versions: I, Librarian versions prior to 5.11.2 Description: The issue arises from a broken logic in handling Supplemental Files, allowing unsafe files with Javascript to be executed within the application context. An attacker can exploit this by...

The vulnerability of the iframe plugin in the JetBrains YouTrack software environment allows a hacker to execute arbitrary JavaScript code and unauthorized API calls.

The vulnerability of the iframe plugin in the JetBrains YouTrack software environment relates to insufficient verification of the connection source. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code and make unauthorized API requests...

webkitgtk: arbitrary javascript code execution

A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution...

CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

PT-2025-17573

Name of the Vulnerable Software and Affected Versions Jmix versions 1.0.0 through 1.6.1 Jmix versions 2.0.0 through 2.3.4 Description The issue affects Jmix, a set of libraries and tools for Spring Boot data-centric application development. It allows manipulation of the input parameter, which...

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

CVE-2024-49579

JetBrains YouTrack prior to 2024.3.47197 is affected by CVE-2024-49579 due to insufficient validation of the iframe plugin communication channel, allowing arbitrary JavaScript execution and unauthorized API requests. The issue stems from the iframe plugin; attacker-controlled payloads could be ex...

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41010)

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS that stems from...

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41004)

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

Atlassian Confluence 3.0.x < 7.19.25 / 7.20.x < 8.5.11 / 8.6.x < 8.9.3 (CONFSERVER-98205)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98205 advisory. - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability...

CVE-2023-32192

A vulnerability has been identified in which unauthenticated cross-site scripting XSS in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser...

Rancher API Server 安全漏洞

Rancher API Server is an interface between an HTTP client and more sophisticated applications in the Rancher open source. A security vulnerability exists in Rancher API Server that stems from the presence of cross-site scripting XSS that allows an attacker to execute arbitrary JavaScript code in...

CVE-2024-45740

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript cod...

PT-2024-7166 · Splunk · Splunk Cloud Platform +2

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.3 and 9.1.6 Splunk Cloud Platform versions prior to 9.2.2403.108 and 9.1.2312.205 Description: A low-privileged user without the "admin" or "power" Splunk roles could create a malicious payload through ...

Splunk Cloud Platform和Splunk Enterprise 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...

The vulnerability of the Passwork password manager, related to the lack of protective measures for the website structure, allows attackers to execute arbitrary JavaScript code.

The vulnerability of the Passwork password manager is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

Splunk Enterprise 9.1.0 < 9.1.6, 9.2.0 < 9.2.3 (SVD-2024-1010)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-1010 advisory. - In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user...

Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2024-41463)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce suffers from a cross-site scripting vulnerability that can be exploited by an attacker to say that accessing a URL that references a...