Lucene search

5956 matches found

CVE
added 2023/04/18 9:25 p.m. · 54 views

CVE-2023-30538

CVE-2023-30538 affects the Discourse open source platform. The issue results from improper sanitization of SVG files, allowing an attacker to execute arbitrary JavaScript in users’ browsers when uploading a crafted SVG. The vulnerability is mitigated in the latest stable and tests-passed Discours...

5.4 CVSS · 5.5 AI score · 0.00364 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/04/18 9:25 p.m. · 20 views

CVE-2023-30538 Stored Cross-site Scripting via improper sanitization of svg files in Discourse

Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Use...

5.4 CVSS · 5.6 AI score · 0.00364 EPSS
Exploits 0 · References 3
CNNVD
added 2023/04/18 12:0 a.m. · 5 views

Discourse cross-site scripting vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A cross-site scripting vulnerability exists in Discourse that could allow an attacker to upload an SVG file to execute arbitrary JavaScript code on a user's browser. Affected...

5.4 CVSS · 5.9 AI score · 0.00364 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/04/18 12:0 a.m. · 7 views

PT-2023-22765 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable and tests-passed versions Description: The issue arises from the improper sanitization of SVG files, allowing an attacker to execute arbitrary JavaScript on users' browsers by uploading a crafted...

5.4 CVSS · 5.8 AI score · 0.00364 EPSS
Exploits 0 · References 7
NVD
added 2023/04/16 12:15 a.m. · 24 views

CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

6.1 CVSS · 6.2 AI score · 0.00443 EPSS
Exploits 0 · References 2
OSV
added 2023/04/16 12:15 a.m. · 3 views

DEBIAN-CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

6.1 CVSS · 6.4 AI score · 0.00443 EPSS
Exploits 0 · References 1
OSV
added 2023/04/16 12:15 a.m. · 16 views

CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

6.1 CVSS · 6.4 AI score
Exploits 0 · References 2
Prion
added 2023/04/16 12:15 a.m. · 19 views

Design/Logic Flaw

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

5.8 CVSS · 6.2 AI score · 0.00443 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/04/16 12:15 a.m. · 2 views

UBUNTU-CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

6.1 CVSS · 6 AI score · 0.00443 EPSS
Exploits 0 · References 4
Prion
added 2023/04/15 4:15 p.m. · 19 views

Information disclosure

XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included...

6 CVSS · 9.2 AI score · 0.01393 EPSS
Exploits 1 · References 3 · Affected Software 1
Prion
added 2023/04/15 1:15 a.m. · 15 views

Cross site scripting

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting XSS vulnerability via the adin/importModels Import Records Model field model parameter. This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's...

4.9 CVSS · 5.3 AI score · 0.01831 EPSS
Exploits 4 · References 2 · Affected Software 1
Cvelist
added 2023/04/15 12:0 a.m. · 24 views

CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

6.2 AI score · 0.00443 EPSS
Exploits 0 · References 2
Debian CVE
added 2023/04/15 12:0 a.m. · 30 views

CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

6.1 CVSS · 6.2 AI score · 0.00443 EPSS
Exploits 0
Positive Technologies
added 2023/04/15 12:0 a.m. · 6 views

PT-2023-15602

Name of the Vulnerable Software and Affected Versions X2CRM Open Source Sales CRM versions 6.6 through 6.9 Description A reflected cross-site scripting XSS issue was discovered in X2CRM Open Source Sales CRM. This issue allows attackers to create malicious JavaScript that will be executed by the...

5.4 CVSS · 6 AI score · 0.01831 EPSS
Exploits 4 · References 8
NVD
added 2023/04/14 5:15 a.m. · 9 views

CVE-2023-26123

Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting XSS such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscriptenrunscript...

6.1 CVSS · 6.2 AI score · 0.00584 EPSS
Exploits 1 · References 4
CNNVD
added 2023/04/14 12:0 a.m. · 6 views

raylib cross-site scripting vulnerability

raylib is an easy-to-use library for raysan5 personal developers to enjoy video game programming. A security vulnerability exists in raysan5 raylib versions prior to 4.5.0, which stems from a failure of the SetClipboardText API to properly escape characters, which can be exploited by an attacker ...

6.1 CVSS · 6.6 AI score · 0.00584 EPSS
Exploits 1 · References 5
Vulnrichment
added 2023/04/11 12:0 a.m. · 10 views

CVE-2023-24464

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...

5.7 AI score · 0.00371 EPSS
Exploits 0 · References 2
CVE
added 2023/04/11 12:0 a.m. · 57 views

CVE-2023-24464

CVE-2023-24464 is a stored cross-site scripting vulnerability in Buffalo network devices (BS-GS2008/2016/2024/2048 and their “P” variants; firmware 1.0.10.01 and earlier). The underlying issue is a stored XSS in the web management console that allows an attacker with access to the management UI t...

5.4 CVSS · 5.7 AI score · 0.00371 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/04/10 2:15 p.m. · 4 views

CVE-2023-0157

The All-In-One Security AIOS WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...

4.8 CVSS · 7.3 AI score · 0.32462 EPSS
Exploits 2 · References 1
Hacker One
added 2023/04/09 11:51 p.m. · 17 views

Shopify: Reflected XSS on help.shopify.com

A reflected cross-site scripting vulnerability was present in the returnTo parameter on help.shopify.com that allowed javascript code execution if specific steps were followed...

6.9 AI score
Exploits 0