CVE-2024-41953

ZITAdel ( Zitadel ) has a vulnerability (CVE-2024-41953) due to improper HTML sanitization in emails and Console UI. The issue allows untrusted user- or admin-provided content (such as usernames and email body content) to include HTML/JS that could render in emails and user pages. Impact describe...

CVE-2024-41947 XWiki Platform XSS through conflict resolution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the...

CVE-2024-41947

CVE-2024-41947 affects XWiki Platform. When a conflict arises while a user with higher rights is editing a page, it can allow execution of JavaScript on the other user’s browser, compromising confidentiality, integrity and availability of the installation. The issue has been patched in XWiki vers...

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from a conflict that can compromise the confidentiality, integrity, and availability of an entire XWiki installation by executing...

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from improper handling of filenames when uploading attachments, allowing users to upload attachments with malicious filenames,...

The vulnerability of the Archer Platform’s system for creating and managing business applications lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Archer Platform system for creating and managing business applications is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to execute arbitrary HTML or JavaScript code...

CVE-2024-6881

Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session...

CVE-2024-6881

Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session...

PT-2024-37400

Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 5.0.6.0 Description: The issue allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. This is achieved through a reflected XSS attack. Recommendations: For...

SUSE CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

DEBIAN-CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

UBUNTU-CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

PT-2024-5673 · Unknown · Netcat Netshop Cms

Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue exists due to inadequate protection of the web page structure, specifically in the code parameter of the netshop CMS module. This allows a remote attacker to execute...

PT-2024-5671 · Netcat · Netcat Netshop Cms

Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to the pricerule parameter in the netshop CMS module of the Netcat system, which is vulnerable to cross-site request forgery. This could allow a remote...

PT-2024-5670 · Netcat · Netcat Netshop Cms

Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the netshop CMS module of Netcat. This could allow a remote attacker to execute arbitrary JavaScript code in...

PT-2024-5683 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS calendar module affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the calendar module of the Netcat CMS system. This could allow a remote attacker to execute arbitrar...

PT-2024-5676 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS filemanager module affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the filemanager module of the Netcat CMS system. This could allow a remote attacker to execute...

PT-2024-5678 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection for the web page structure in the filemanager module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScript...