357 matches found
CVE-2024-56508
The CVE-2024-56508 entry describes a file upload vulnerability in LinkAce prior to v1.15.6 within the Import Bookmarks function. Malicious HTML files can be uploaded containing JavaScript payloads that execute when the uploaded links are accessed, enabling potential reflected or persistent XSS. T...
CVE-2024-41752
CVE-2024-41752 affects IBM Cognos Analytics. The vulnerability is an HTML injection in IBM Cognos Analytics versions 11.2.0–11.2.4 and 12.0.0–12.0.3, which could allow a remote attacker to inject HTML that renders in a victim’s browser under the hosting site’s security context. The connected IBM ...
GHSA-HFF8-HJWV-J9Q7 Remote Code Execution on click of <a> Link in markdown preview
Summary: There is a vulnerability in Joplin-desktop that leads to remote code execution (RCE) when a user clicks on a link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML...
ComfyUI cross-site scripting vulnerability
ComfyUI is a powerful, modular diffusion model GUI and backend from the individual developer comfyanonymous. A cross-site scripting vulnerability exists in ComfyUI version 0.2.2 and prior versions, which can be exploited by an attacker to cause arbitrary JavaScript code to be execute...
Cross-Site Scripting (XSS)
dev-lancer/minecraft-motd-parser is vulnerable to cross-site scripting (XSS). The vulnerability is due to the lack of proper input validation and sanitization in the HtmlGenerator class, allowing attackers to inject malicious HTML into a web page through a malformed Minecraft server MOTD...
Cross Site Scripting (XSS)
github.com/alist-org/alist is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to inadequate input validation in the /i/:linkname endpoint, which fails to sanitize user-provided values, allowing malicious HTML tags to be executed in the application context...
The vulnerability of the Extensions component in Google Chrome and Microsoft Edge browsers allows a hacker to replace the user interface.
The vulnerability of the Extensions component in Google Chrome and Microsoft Edge is related to improper security checks for standard elements. Exploiting this vulnerability could allow a malicious actor to replace the user interface with a specially created HTML page...
Cross-site Scripting (XSS)
Mautic is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the ability of an attacker to edit a Mautic form, allowing them to insert malicious HTML that can steal sensitive information from the user's current session...
PT-2024-6158
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version. Description: The issue is related to a Windows MSHTML platform spoofing vulnerability, which allows attackers to execute arbitrary code remotely. This vulnerability has been exploited by the...
CVE-2024-41706
A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers...
Cross Site Scripting (XSS)
socalnick/scn-social-auth is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to not escaping the URL parameter "redirect", allowing an attacker to inject malicious HTML and execute arbitrary code...
Silverstripe XSS vulnerability via VirtualPage
A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...
NocoDB Allows Preview of Files with Dangerous Content
Summary: An attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed, leading to a stored XSS (Cross-Site Scripting) attack. PoC: NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 currentl...
IBM App Connect Enterprise HTML Injection Vulnerability
IBM App Connect Enterprise combines the existing industry-trusted technology of IBM Integration Bus with IBM App Connect Professional and cloud technology. It provides a platform that supports the comprehensive integration needs of the modern digital enterprise. IBM App Connect Enterprise suffers...
Setuptools: Denial of Service
Background: Setuptools is a manager for Python packages. Description: A vulnerability has been discovered in Setuptools. See the impact field. Impact: An inefficiency in a regular expression may end in a denial of service if a user is fetching malicious HTML from a package in PyPI or a custom...
CVE-2023-25200
An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser...
CVE-2023-25200
The CVE-2023-25200 entry concerns MT Safeline X-Ray X3310 Webserver NXG 19.05 with an HTML injection vulnerability that can cause a remote attacker to render malicious HTML in a victim's browser and access sensitive information. Red Hat and other sources describe it as an HTML injection/XSS issue...
MT Safeline X-Ray X3310 security vulnerability
MT Safeline X-Ray X3310 is an application from MT Safeline, Inc. A security vulnerability exists in MT Safeline X-Ray X3310 version 19.05. An attacker can exploit the vulnerability to render malicious HTML and obtain sensitive information from the victim's browser...
CVE-2024-24906
Dell Secure Connect Gateway SCG Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...
langchain Server-Side Request Forgery vulnerability
With the following crawler configuration (Python; extraction dropped the brackets and call parentheses, restored here, and the `RecursiveUrlLoader` import is added): `from langchain_community.document_loaders.recursive_url_loader import RecursiveUrlLoader; from bs4 import BeautifulSoup as Soup; url = "https://example.com"; loader = RecursiveUrlLoader(url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text); docs = loader.load()` An attacker in control of the contents of https://example.com could...