Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Laravel 11.0 Cross Site Scripting

/! - VULNERABILITY: Cross Site Scripting Laravel version 11.0 - Authenticated Persistent XSS - GOOGLE DORK: inurl:.com/?q= - GOOGLE DORK: Site:.com/?q= - DATE: 2024-12-01 - SECURITY RESEARCHER: E1.Coders - VENDOR: LARAVEL https://laravel.com/ - SOFTWARE LINK:...

DRUPAL-CONTRIB-2024-064

This module integrates Tarte au citron JS library with Drupal and prevent services to be loaded without user consent. Administrators can enable and configure services which will be managed by Tarte au citron. When Google Tag Manager GTM service is enabled, an attacker can load a GTM container tha...

CVE-2024-11680

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...

CVE-2024-11680

ProjectSend exposes an improper authentication/authorization vulnerability that affects versions prior to r1720 (r1605 and older per sources). An unauthenticated remote attacker can exploit crafted requests to options.php to modify configuration, enabling account creation, file uploads (including...

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation and sanitization of the "name" parameter, allowing malicious JavaScript to be stored and executed in other users' sessions...

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. "The attackers embedded malicious JavaScrip...

Zimbra Collaboration Server 跨站脚本漏洞

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server versions 9.0 and 10.0. An attacker c...

CVE-2024-52583

The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page schedule.html before 17 November 2024 or commit 93dfb83 contains links to Leostop, a site that hosts a malicious injected JavaScript file that occurs when...

WesHacks 安全漏洞

WesHacks is a hackathon website by the individual developer Shahm Najeeb. A security vulnerability exists in versions of WesHacks prior to 17/11/2024, which stems from the site hosting maliciously injected JavaScript files...

Stored Cross-Site Scripting (XSS) via SAML IdP XML Injection

An attacker can achieve stored cross-site scripting XSS by injecting malicious JavaScript into the SAML IdP XML metadata. This metadata is used to generate the SAML login redirect URL, which is ultimately set as the value of window.location.href. This vulnerability allows the attacker to execute...

LoLLMs 代码问题漏洞

LoLLMs is a Web UI for a large language multi-modal system by the individual developer Saifeddine ALOUI. A code issue vulnerability exists in LoLLMs version 9.6, which stems from the presence of a cross-site scripting XSS and open redirection vulnerability that allows an attacker to embed malicio...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 跨站脚本漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition EE and GitLab...

Combodo iTop 安全漏洞

Combodo iTop is a suite of open source web applications developed by the French company Combodo based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A security vulnerability in Combodo iTop...

SuiteCRM 跨站脚本漏洞

SuiteCRM is a customer relationship management system from the SuiteCRM team. A cross-site scripting vulnerability exists in SuiteCRM. An attacker can exploit this vulnerability to inject malicious JavaScript code...

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking , could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and accou...