CNNVD
added 2024/04/25 12:00 a.m., 1 view

Red Hat Keycloak cross-site scripting vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A cross-site scripting vulnerability exists in Red Hat Keycloak, which stems from a flaw found in SAML client registration that could allow an...

CVSS 6, AI score 6, EPSS 0.00102
Exploits 0, References 9

Veracode
added 2024/04/23 7:13 a.m., 14 views

Cross-site Scripting (XSS)

LibreNMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of the Service template name, which is reflected in the delete button's onclick event. This allows malicious javascript code to be stored and executed...

CVSS 7.1, AI score 6.9, EPSS 0.00522
Exploits 1, References 5, Affected Software 1

The Hacker News
added 2024/04/12 5:09 a.m., 30 views

Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker

Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom...

AI score 7.3
Exploits 0

OSV
added 2024/04/10 5:15 p.m., 2 views

CVE-2024-1602

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting XSS that leads to Remote Code Execution RCE. The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...

CVSS 6.1, AI score 8.3
Exploits 0, References 1

Vulnrichment
added 2024/04/10 5:08 p.m., 8 views

CVE-2024-1602 Stored XSS leading to RCE in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting XSS that leads to Remote Code Execution RCE. The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...

CVSS 8.8, AI score 6.5, EPSS 0.00181
Exploits 1, References 1

CVE
added 2024/04/10 5:08 p.m., 81 views

CVE-2024-1602

CVE-2024-1602 affects parisneo/lollms-webui, with a stored XSS that leads to Remote Code Execution. Attacker can exploit inadequate sanitization/validation of model output data to inject JavaScript that runs in the user's browser and can trigger a request to /execute_code to establish a reverse s...

CVSS 8.8, AI score 6.4, EPSS 0.00181
Exploits 1, References 1, Affected Software 1

NVD
added 2024/04/10 3:16 p.m., 9 views

CVE-2024-27477

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets also known as to-dos. This stored XSS vulnerability can be exploited to perform...

CVSS 6.1, AI score 5.5, EPSS 0.00311
Exploits 2, References 4

Vulnrichment
added 2024/04/10 11:49 a.m., 13 views

CVE-2024-20759 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...

CVSS 8.1, AI score 7, EPSS 0.01627
Exploits 0, References 1

Cvelist
added 2024/04/10 8:52 a.m., 18 views

CVE-2024-26097 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page...

CVSS 5.4, AI score 5.2, EPSS 0.0145
Exploits 0, References 1

OSV
added 2024/04/03 9:31 p.m., 21 views

GHSA-PJ42-R64F-4XFQ Concrete CMS Stored XSS on the calendar color settings screen

Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS on the calendar color settings screen, since information input by the user is output without escaping. A rogue administrator could inject malicious javascript into the Calendar Color Settings scre...

CVSS 2, AI score 4.2, EPSS 0.00247
Exploits 0, References 6

CVE
added 2024/04/03 6:13 p.m., 66 views

CVE-2024-2753

CVE-2024-2753 describes a Stored XSS in Concrete CMS on the Calendar Color Settings screen. Affected are Concrete CMS versions 9.x before 9.2.8 and versions prior to 8.5.16. The root cause is that user input is output without escaping, enabling a rogue administrator to inject JavaScript that exec...

CVSS 4.8, AI score 3.2, EPSS 0.00247
Exploits 0, References 2, Affected Software 1

Veracode
added 2024/04/03 5:59 a.m., 17 views

Cross Site Request Forgery (CSRF)

github.com/mudler/localai is vulnerable to Cross Site Request Forgery CSRF. The vulnerability is due to a lack of CSRF tokens, allowing an attacker to host malicious JavaScript on a host. When visited by a LocalAI user, this could allow the attacker to fill disk space to deny service or abuse...

CVSS 6.5, AI score 7, EPSS 0.00112
Exploits 1, References 1, Affected Software 1

Github Security Blog
added 2024/04/01 9:30 p.m., 25 views

LocalAI cross-site request forgery vulnerability

A Cross-Site Request Forgery CSRF vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers ...

CVSS 6.5, AI score 6.5, EPSS 0.00112
Exploits 1, References 3, Affected Software 1

CVE
added 2024/04/01 6:45 p.m., 77 views

CVE-2024-3135

Technical details (affected products/versions, root cause, fixes) are not publicly provided in the supplied documents. Monitor for updates from official advisories; current sources reiterate CSRF risk but lack version-specific remediation information.

CVSS 6.5, AI score 6.4, EPSS 0.00112
Exploits 1, References 1, Affected Software 1

CNNVD
added 2024/04/01 12:00 a.m., 2 views

LocalAI cross-site request forgery vulnerability

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. LocalAI suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF tokens on the web server, which allows an attacker to host malicious JavaScript on a host that coul...

CVSS 6.5, AI score 6.3, EPSS 0.00112
Exploits 1, References 2

NVD
added 2024/03/22 2:15 p.m., 8 views

CVE-2024-2726

Stored Cross-Site Scripting Stored-XSS vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration...

CVSS 6.1, AI score 6, EPSS 0.0009
Exploits 0, References 1

CNVD
added 2024/03/21 12:00 a.m., 4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-21159)

Adobe Experience Manager AEM is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 5.8, EPSS 0.01156
Exploits 0, References 1

CNVD
added 2024/03/21 12:00 a.m., 7 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-21161)

Adobe Experience Manager AEM is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 5.8, EPSS 0.01156
Exploits 0, References 1

Veracode
added 2024/03/20 6:28 a.m., 17 views

Cross-Site Scripting (XSS)

octoprint is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation and sanitization of the webcam snapshot URL input field, which allows for the execution of malicious JavaScript code in the victim's browser...

CVSS 4.8, AI score 6.7, EPSS 0.00487
Exploits 1, References 2, Affected Software 1

NVD
added 2024/03/20 2:15 a.m., 9 views

CVE-2024-1785

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajaxhandler function. This makes it possible for unauthenticated attackers to update the plugin's...

CVSS 5.4, AI score 5.1, EPSS 0.00205
Exploits 0, References 2
