
2167 matches found

OSV
added 2023/02/28 5:15 p.m., 13 views

CVE-2023-27294

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...

CVSS 5.4, AI score 6.8
Exploits: 0, References: 1
Prion
added 2023/02/28 5:15 p.m., 12 views

Input validation

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cooki...

CVSS 5.8, AI score 6.2, EPSS 0.03013
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2023/02/28 5:15 p.m., 12 views

Input validation

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...

CVSS 4.9, AI score 5.3, EPSS 0.00514
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2023/02/28 12:00 a.m., 11 views

CVE-2023-27294

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...

AI score 5.6, EPSS 0.00514
Exploits: 1, References: 1
CVE
added 2023/02/28 12:00 a.m., 50 views

CVE-2023-27294

CVE-2023-27294 describes improper neutralization of input during web page generation, allowing an authenticated attacker with access to a restricted account to submit malicious JavaScript as a calendar event description. When other users view that event, the injected script executes in their brow...

CVSS 5.4, AI score 5.3, EPSS 0.00514
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2023/02/28 12:00 a.m., 17 views

CVE-2023-27293

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cooki...

AI score 6.4, EPSS 0.03013
Exploits: 1, References: 1
Vulnrichment
added 2023/02/28 12:00 a.m., 4 views

CVE-2023-27293

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cooki...

AI score 6.4, EPSS 0.03013
Exploits: 1, References: 1
CVE
added 2023/02/28 12:00 a.m., 39 views

CVE-2023-27293

OpenCats (v0.9.6) is affected by CVE-2023-27293 due to improper input neutralization during web page generation, enabling an unauthenticated attacker to inject malicious JavaScript in questionnaire answers that executes when an authenticated user reviews submissions. This can steal cookies and co...

CVSS 6.1, AI score 6.2, EPSS 0.03013
Exploits: 1, References: 1, Affected Software: 1
OSSF Malicious Packages
added 2023/02/27 3:36 p.m., 5 views

Malicious code in tpstrpeplgtb (PyPI)

Source: checkmarx fd90f892727d0f1648c10f09ca93b40cfbcf0a6c5bf9cfc4473a497b3a509e07 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score 7
Exploits: 0, References: 1
Tenable Nessus
added 2023/02/23 12:00 a.m., 38 views

Amazon Linux 2 : thunderbird (ALAS-2023-1945)

The version of thunderbird installed on the remote host is prior to 68.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1945 advisory. The Mozilla Foundation Security Advisory describes this flaw as: Due to confusion about ValueTags on JavaScript...

CVSS 9.3, AI score 7.9, EPSS 0.00878
Exploits: 2, References: 12
NVD
added 2023/02/15 4:15 a.m., 7 views

CVE-2022-47373

Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not have proper input validation/sanitization, thus resulting in executing malicious JavaScript...

CVSS 6.4, AI score 6.3, EPSS 0.00665
Exploits: 0, References: 2
OSV
added 2023/02/15 4:15 a.m., 0 views

CVE-2022-47373

Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not have proper input validation/sanitization, thus resulting in executing malicious JavaScript...

CVSS 6.1, AI score 5.8, EPSS 0.00665
Exploits: 0, References: 2
OSV
added 2023/02/15 4:15 a.m., 0 views

UBUNTU-CVE-2022-47373

Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not have proper input validation/sanitization, thus resulting in executing malicious JavaScript...

CVSS 6.4, AI score 5.8, EPSS 0.00665
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 4:04 a.m., 1 view

SUSE CVE-2020-1766

Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as inline jpg file. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior...

CVSS 2, AI score 5.1, EPSS 0.00645
Exploits: 0, References: 6
SUSE CVE
added 2023/02/15 3:28 a.m., 1 view

SUSE CVE-2022-23707

An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users...

CVSS 5.4, AI score 5.2, EPSS 0.00262
Exploits: 0, References: 3
CNNVD
added 2023/02/15 12:00 a.m., 2 views

Pandora FMS Console cross-site scripting vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. Pandora is an analytics framework used to find out if a file is suspicious or not and display the results easily. A securit...

CVSS 6.4, AI score 6.4, EPSS 0.00665
Exploits: 0, References: 3
The Hacker News
added 2023/02/14 11:20 a.m., 57 views

Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!

Malicious actors have published more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to infect developer systems with clipper malware. Software supply chain security company Phylum, which spotted the libraries, said the ongoing activity is a...

AI score 0.6
Exploits: 0
Veracode
added 2023/02/10 6:33 a.m., 28 views

Cross-site Scripting (XSS)

backdrop/backdrop is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the lack of validation in the HTML elements when adding a post, which allows an admin authenticated attacker to inject and execute malicious JavaScript when a user views a post...

CVSS 4.8, AI score 5.1, EPSS 0.0678
Exploits: 1, References: 4, Affected Software: 1
Veracode
added 2023/02/06 6:25 a.m., 16 views

Cross-site Scripting (XSS)

eta is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in file-handlers.ts due to improper user-input sanitization from the Express API, allowing an attacker to inject and execute malicious JavaScript...

CVSS 8.6, AI score 6, EPSS 0.00404
Exploits: 0, References: 5, Affected Software: 1
Veracode
added 2023/02/02 6:34 a.m., 11 views

Cross-Site Scripting (XSS)

microweber/microweber is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...

CVSS 5.4, AI score 5.2, EPSS 0.00453
Exploits: 1, References: 3, Affected Software: 1