
2167 matches found

NVD
added 2024/02/29 1:40 a.m. | 8 views

CVE-2023-41165

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer wi...

CVSS: 4.8 | AI score: 6.5 | EPSS: 0.00575
Exploits: 0 | References: 1

OSV
added 2024/02/29 1:40 a.m. | 0 views

CVE-2023-37531

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a form field of a webpage by a user with privileged access...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00543
Exploits: 0 | References: 1

NVD
added 2024/02/29 1:40 a.m. | 11 views

CVE-2023-37530

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a webpage trying to retrieve cookie stored information...

CVSS: 5.4 | AI score: 4.2 | EPSS: 0.00777
Exploits: 0 | References: 1

OSV
added 2024/02/29 1:40 a.m. | 1 view

CVE-2023-37530

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a webpage trying to retrieve cookie stored information...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00777
Exploits: 0 | References: 1

NVD
added 2024/02/29 1:40 a.m. | 11 views

CVE-2023-37531

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a form field of a webpage by a user with privileged access...

CVSS: 4.8 | AI score: 4.3 | EPSS: 0.00543
Exploits: 0 | References: 1

Prion
added 2024/02/29 1:40 a.m. | 29 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a form field of a webpage by a user with privileged access...

CVSS: 3.2 | AI score: 6.2 | EPSS: 0.00543
Exploits: 0 | References: 1

Prion
added 2024/02/29 1:40 a.m. | 15 views

Design/Logic Flaw

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer wi...

AI score: 7.3 | EPSS: 0.00575
Exploits: 0 | References: 1

Positive Technologies
added 2024/02/29 12:0 a.m. | 2 views

PT-2024-18497 · Unknown · Cockpit Cms

Name of the Vulnerable Software and Affected Versions: Cockpit CMS version 2.7.0 Description: A Cross-Site Scripting issue in Cockpit CMS could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00088
Exploits: 0 | References: 9

CNNVD
added 2024/02/29 12:0 a.m. | 2 views

Cockpit Cross-Site Scripting Vulnerability

Cockpit is an interactive server management interface. A cross-site scripting vulnerability exists in Cockpit CMS version 2.7.0. An attacker can exploit this vulnerability to upload an infected PDF file and store a malicious JavaScript load to be executed when the file is uploaded...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00088
Exploits: 0 | References: 2

CNNVD
added 2024/02/29 12:0 a.m. | 1 view

HCL Technologies HCL BigFix Platform Cross-Site Scripting Vulnerability

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Platform that stems from the...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00543
Exploits: 0 | References: 2

CNNVD
added 2024/02/29 12:0 a.m. | 2 views

Stormshield Network Security Security Vulnerabilities

Stormshield Network Security is a next-generation UTM (Unified Threat Management) firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security that stems from the fact that an administrator with write access can configure login disclaimers using...

CVSS: 4.8 | AI score: 6.7 | EPSS: 0.00575
Exploits: 0 | References: 2

OSV
added 2024/02/28 3:34 p.m. | 38 views

CVE-2024-27083 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00629
Exploits: 0 | References: 4

Veracode
added 2024/02/28 7:1 a.m. | 15 views

Cross-Site Scripting (XSS)

Rails is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the translation helpers, specifically in the handling of the default option. This flaw allows an attacker to inject malicious JavaScript code into the browser, resulting in Cross-Si...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.02067
Exploits: 1 | References: 7 | Affected Software: 1

GitLab Advisory Database
added 2024/02/28 12:0 a.m. | 31 views

Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious JavaScript code that would get executed on the user's browser. Impacted...

CVSS: 6.1 | AI score: 4.7 | EPSS: 0.00629
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/02/27 9:47 p.m. | 24 views

GHSA-GP6M-FQ6H-CJCX Magento LTS vulnerable to stored XSS in admin file form

Summary: OpenMage is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details: Mage_Adminhtml_Block_System_Config_Form_Field_File does not escape filename value in certain situations. Same...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00936
Exploits: 0 | References: 3

Veracode
added 2024/02/27 9:34 a.m. | 15 views

Cross-site Scripting (XSS)

getkirby/cms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient validation and sanitization of the URL input, allowing attackers to execute arbitrary JavaScript code in the user's context by embedding a malicious javascript: URL in the link target of a link button...

CVSS: 4.7 | AI score: 6.9 | EPSS: 0.00098
Exploits: 1 | References: 5 | Affected Software: 1

CNVD
added 2024/02/22 12:0 a.m. | 2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-15723)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS: 5.4 | AI score: 6.9 | EPSS: 0.02314
Exploits: 0 | References: 1

Positive Technologies
added 2024/02/20 12:0 a.m. | 3 views

PT-2024-15671

Name of the Vulnerable Software and Affected Versions: Microsoft Clarity plugin for WordPress versions up to, and including, 0.9.3 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the edit clarity project id function. This allows unauthenticated...

CVSS: 6.1 | AI score: 6.7 | EPSS: 0.24756
Exploits: 0 | References: 6

CVE
added 2024/02/14 5:32 p.m. | 43 views

CVE-2024-0010

CVE-2024-0010 : A reflected cross-site scripting (XSS) vulnerability in the PAN-OS GlobalProtect portal could allow an attacker to execute malicious JavaScript in a user’s browser after clicking a crafted link, enabling phishing and potential credential theft. Affected PAN-OS versions (per connec...

CVSS: 6.1 | AI score: 4.5 | EPSS: 0.03608
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/02/14 12:0 a.m. | 1 view

Palo Alto Networks PAN-OS Security Vulnerability

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS. An attacker can exploit the vulnerability to execute malicious JavaScript...

CVSS: 6.1 | AI score: 7 | EPSS: 0.00748
Exploits: 0 | References: 3