6 matches found
Tale Blog 代码注入漏洞
Tale Blog is a Java blog. A cross-site scripting vulnerability exists in Tale Blog version 2.0.5 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in the logourl parameter of the OptionsService function of...
ZenML < 0.56.2 Vulnerability - CVE-2024-2171
The version of ZenML installed on the remote host is prior to 0.56.2. It is, therefore, affected by a stored Cross-Site Scripting XSS vulnerability was identified within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users,...
Cross Site Scripting (XSS)
zenml is vulnerable to Cross Site Scripting XSS. The vulnerability is due to missing santization of the logourl field, allowing an attacker to send harmful messages to other users and potentially compromise their accounts...
PYSEC-2024-170
A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
CVE-2024-2171 Stored XSS in zenml-io/zenml
A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
CVE-2024-2171 Stored XSS in zenml-io/zenml
A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...