5958 matches found
Directus Cross-Site Scripting Vulnerability
Directus is a real-time API and application dashboard from Directus Open Source. It is used to manage SQL database content. A cross-site scripting vulnerability exists in Directus version 10.13.0 that originates from allowing an authenticated external attacker to execute arbitrary JavaScript on t...
PT-2024-37695 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus version 10.13.0. Description: The issue allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter into an unsanitized DOM...
Trix Security Vulnerability
Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.4 that stems from the presence of cross-site scripting, which allows an attacker to trick a user into copying and pasting malicious code, and then executing arbitrar...
Improper Input Validation
Apache DolphinScheduler is vulnerable to Improper Input Validation. The vulnerability is due to improper input validation allowing an authenticated user to execute arbitrary, unsandboxed JavaScript on the server...
CVE-2024-29831
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2...
Zimbra Collaboration Server Security Vulnerability
Zimbra Collaboration Server (ZCS) is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions 9.0 and 10.0, which stems from the...
CVE-2024-27443
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...
Zimbra Collaboration Server Security Vulnerability
Zimbra Collaboration Server (ZCS) is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions 9.0 and 10.0 that stems from the presen...
Mozilla Firefox for iOS Security Bypass Vulnerability (CNVD-2024-36715)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox for iOS, which can be exploited by attackers to execute JavaScript commands in the browser...
CVE-2024-6706 Open WebUI Stored Cross-Site Scripting
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...
PT-2024-37933 · Journyx · Journyx
Name of the Vulnerable Software and Affected Versions: Journyx, affected versions not specified. Description: The issue allows attackers to craft a malicious link that, when clicked, will execute arbitrary JavaScript in the context of the Journyx web application. Recommendations: At the moment, the...
The vulnerability of the CDwnBindInfo function in the mshtml.dll library of Internet Explorer allows a hacker to execute arbitrary code.
The vulnerability of the CDwnBindInfo function in the mshtml.dll library of the Internet Explorer browser is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code by sending a specially created HTML file...
CVE-2024-43111
Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS 129...
UBUNTU-CVE-2024-43111
Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS 129...
PT-2024-30300 · Mozilla · Firefox
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 129. Description: A potential issue exists where long pressing on a download link could allow JavaScript commands to be executed within the browser. Recommendations: For Firefox for iOS versions prior to 129,...
CVE-2024-34344 Remote code execution via the browser when running the test locally in nuxt
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrar...
Nuxt Security Vulnerability
Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.4.0 through versions prior to 3.12.4, which stems from insufficient validation of parameters and allows an attacker to execute arbitrary JavaScript on the server side, which in turn...