3250 matches found
CVE-2024-54036 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-54036
Adobe Connect (versions 12.6, 11.4.7 and earlier) is affected by a stored Cross‑Site Scripting (XSS) vulnerability (CVE-2024-54036). The issue allows injection of malicious scripts into vulnerable form fields and can lead to session takeover; impact on confidentiality and integrity is high. Remed...
CVE-2024-54039 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-54032 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-54032
CVE-2024-54032 is a stored XSS vulnerability in Adobe Connect affecting 12.6 and 11.4.7 and earlier. The attacker can inject scripts into vulnerable form fields, with potential session takeover and high impact to confidentiality/integrity. Public details come from NVD/NCSC/CNVD entries and the Ad...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Connect Cross-Site Scripting Vulnerability
Adobe Connect is software for creating meeting environments from the American company Adobe. A security vulnerability exists in Adobe Connect that can be exploited by an attacker to inject malicious scripts into vulnerable form fields...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2024-9872
CVE-2024-9872 (vcita WordPress plugin): Affected plugin versions include all up to 4.5.1. Root cause is a missing capability check in vcita_save_user_data_callback(), enabling authenticated users with Subscriber+ privileges to modify data and inject scripts and update settings. Impact per source...
CVE-2024-12003
The CVE-2024-12003 entry concerns the WP System WordPress plugin (versions up to 1.1.1). The advisory states a Cross-Site Request Forgery (CSRF) vulnerability due to missing or incorrect nonce validation in generate_wp_system_page_content(), enabling unauthenticated attackers to inject malicious ...
CVE-2024-51548
Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
CVE-2024-51548
CVE-2024-51548 is an active vulnerability affecting ABB ASPECT – Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02, caused by dangerous file upload that can allow uploading of malicious scripts. Multiple connected sources confirm the issue and list affected products and versi...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper sanitization of HTML elements and attributes. An attacker can inject malicious scripts by exploiting the overridden sanitizer configurations that allow certain HTML5 elements. Note: Exploiting...
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts. The script files – disguised as requests and bids from potential customers or partners – bear names such as "Запрос цены и предложения от Индивидуального...
Cross-site Scripting (XSS)
sylius/sylius is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of uploaded SVG files, allowing attackers to inject malicious scripts that execute in the user's browser context...
CVE-2024-38833
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations...