115cms Cross-Site Scripting Vulnerability
115cms is a multi-module intelligent website building system of Guizhou Forxin Technology 115cms Company in China. 115cms suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject malicious scripts into web pages for execution in other users' browsers...
VMware Aria Operations Security Vulnerability
VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid, and multi-cloud environments from VMware, Inc. A security vulnerability exists in VMware Aria Operations that stems from a malicious actor capable of editing views that could inject...
CVE-2024-10726
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious w...
115cms Code Injection Vulnerability
115cms is a multi-module intelligent website building system of Guizhou Forxin Technology 115cms Company in China. 115cms suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject malicious scripts into web pages for execution in other users' browsers...
Cross-Site Scripting (XSS)
studio-42/elfinder is vulnerable to persistent Cross-site Scripting (XSS). The vulnerability is due to a filename restriction bypass, allowing attackers to inject malicious scripts...
CVE-2024-1097
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...
CVE-2024-1097 Stored XSS in craigk5n/webcalendar
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...
CVE-2024-1097
CVE-2024-1097: A stored XSS in craigk5n/webcalendar 1.3.0 occurs in the Report Name input during report creation. Malicious scripts can run in other users’ context, potentially enabling theft of user accounts and cookies. Public details about a fix are not provided in the connected sources; no pa...
CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...
CVE-2021-3841
CVE-2021-3841 affects sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2, where stored XSS can be triggered via SVG files uploaded or rendered by the application. The root cause is an SVG handling vulnerability that allows injection of malicious scripts executed in the user’s browser. Im...
Cross-Site Scripting (XSS)
github.com/j3ssie/osmedeus is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper filtering of file contents when generating reports. The contents of the report files (HTML and Markdown) are read and used to generate the report, but they are not adequately sanitized, allowi...
Cross-Site Scripting (XSS)
github.com/mudler/localai is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input validation and inadequate sanitization of user inputs when passing parameters to the delete model API, which allows malicious scripts to be stored and executed in the application...
Reflected Cross-Site Scripting (Reflected XSS)
OctoPrint is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to unescaped user inputs in OctoPrint’s login dialog and standalone application key confirmation dialog, which allows attackers to inject malicious scripts that get reflected back to the user's browser...
Cross-Site Scripting (XSS)
umbraco.cms.core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the argument culture in the file /Umbraco/preview/frame?id of the Dashboard component, which allows remote attackers to manipulate the argument and execute malicious scripts...
Cross-site Scripting (XSS)
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient sanitization of error messages. An attacker can inject malicious scripts that are executed in the context of the user's browser session. Details Cross-si...
Cross-Site Scripting (XSS)
funadmin/funadmin is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the lack of input validation and filtering of parameters passed to the param variable in the selectfiles method of \backend\controller\sys\Attachh.php, allowing an attacker to inject malicious scripts into th...
CVE-2024-49524
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...
CVE-2024-49523 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-49524
CVE-2024-49524 affects Adobe Experience Manager versions 6.5.20 and earlier, with a DOM-based Cross-Site Scripting (XSS) vulnerability. By manipulating a DOM element through a crafted URL or user input, an attacker can inject scripts that execute in the victim’s browser context. Exploitation typi...