CVE-2024-26078
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26057
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...
CVE-2024-26036
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36213
CVE-2024-36213 affects Adobe Experience Manager (AEM) versions 6.5.20 and earlier. The vulnerability is a stored cross-site scripting (XSS) flaw in vulnerable form fields, allowing an attacker to inject malicious scripts that execute in a victim’s browser when visiting a page containing the field...
CVE-2024-36239 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...
CVE-2024-36153 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26074
Adobe Experience Manager (AEM) 6.5.20 and earlier are affected by a stored XSS vulnerability (CVE-2024-26074) in vulnerable form fields, allowing injected JavaScript to run in a victim’s browser. Remediation: upgrade to 6.5.21 or later (per APSB24-28). The CVSS v3.1 base score is 5.4 (Medium). If...
CVE-2024-36231
CVE-2024-36231 affects Adobe Experience Manager versions 6.5.20 and earlier, with a DOM-based XSS vulnerability that could allow arbitrary JavaScript execution in the victim’s browser session. Exploitation typically requires user interaction (e.g., clicking a crafted link or submitting a form). T...
CVE-2024-36174
Adobe Experience Manager (AEM) 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing attacker-injected JavaScript to run in a victim’s browser when visiting the page containing the field. The CVSS 3.1 base score is 5.4 (Medium) with...
CVE-2024-26066
Affected product: Adobe Experience Manager (AEM) 6.5.20 and earlier. Issue: stored Cross-Site Scripting (XSS) in vulnerable form fields that could allow an attacker to inject malicious JavaScript, executing in a victim’s browser when visiting the page containing the field. Root cause: XSS in form...
CVE-2024-36141 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-36142
CVE-2024-36142 affects Adobe Experience Manager (AEM) 6.5.20 and earlier with a stored XSS in vulnerable form fields. The issue allows an attacker to inject malicious JavaScript that can execute in a victim’s browser when visiting a page containing the vulnerable field. The CVSS v3.1 vector indic...
CVE-2024-36208
CVE-2024-36208 affects Adobe Experience Manager (AEM) 6.5.20 and earlier and is a stored Cross-Site Scripting (XSS) vulnerability. The issue involves vulnerable form fields that allow injected JavaScript to execute in a victim’s browser when a page containing the field is loaded. The CVE details ...
Important: thunderbird
Issue Overview: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. CVE-2024-4367 If the browser.privatebrowsing.autostart preference is...
PT-2024-7825 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 Description: The issue is related to a reflected XSS vulnerability. It may allow a remote, unauthenticated attacker to create a crafted link which, when clicked, could potentially...
Mozilla: Arbitrary JavaScript execution in PDF.js
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...
Moderate: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 8 : thunderbird (RHSA-2024:3784)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3784 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fixes: firefox...
ALSA-2024:3783 Moderate: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsi...
CVE-2024-3402
CVE-2024-3402 affects gaizhenbiao/chuanhuchatgpt version 20240121. A stored XSS vulnerability arises from inadequate sanitization/validation of the model output data, allowing injection/execution of arbitrary JavaScript in the context of other users’ browsers and potentially hijacking victims’ se...