3250 matches found
Adobe Commerce Cross-Site Scripting Vulnerability
Adobe Commerce is a digital commerce solution for merchants and brands from the US company Adobe. A cross-site scripting vulnerability exists in Adobe Commerce, which can be exploited by an attacker to inject malicious script into vulnerable form...
CVE-2024-45153
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-45153 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-45153
CVE-2024-45153 : Adobe Experience Manager (AEM) 6.5.20 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing a low-privileged attacker to inject JavaScript that may execute in a user’s browser when visiting the page containing the field. ...
Cross Site Scripting (XSS)
OpenC3 COSMOS is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the login functionality, which allows an attacker to inject malicious scripts while sending commands to and receiving data from embedded systems...
Cross-site Scripting (XSS)
Pagekit is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the widget management feature of the admin panel (index.php/admin/site/widget), allowing attackers to inject malicious scripts...
Cross-site Scripting (XSS)
Zenario is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of input in the "Organizer tags" field within the Image library, allowing attackers to inject malicious scripts...
CVE-2024-45920
A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in the "Intrest" feature...
Cross Site Scripting (XSS)
Filament is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper validation of values passed to the ColorColumn or ColumnEntry, allowing untrusted input to be rendered in a way that can execute malicious scripts...
Cross-site Scripting (XSS)
Concrete5/concrete5 is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the calendar event name, allowing users or groups with permission to create or modify event calendars to embed and execute malicious scripts...
U.S. Dept Of Defense: XSS Reflected
The web application was vulnerable to reflected cross-site scripting (XSS) attacks. Untrusted data from the URL parameters was included in the application's response without proper sanitization or validation. This allowed an attacker to inject malicious scripts into web pages viewed by other users...
HTML Injection
Confidant is vulnerable to HTML Injection. The vulnerability is due to insufficient input validation and sanitization of user-supplied data in several endpoints of the Confidant service, allowing attackers to inject malicious scripts into the application...
Cross-site Scripting (XSS)
mautic/core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the Page URL variable not being properly sanitized, allowing malicious scripts to be executed...
Cross Site Scripting (XSS)
Vite is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper handling of the document.currentScript lookup in Vite's script imports for cjs, iife, or umd output formats. It allows attackers to manipulate DOM elements, such as using unsanitized attributes in HTML tags, to...
Confidant Cross-Site Scripting Vulnerability
Confidant is an open source application from Lyft. A cross-site scripting vulnerability exists in Confidant versions prior to 6.6.2 that could allow an attacker to execute malicious scripts on another user's browser...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the contact tracking and page hits report feature. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts. Details: Cross-site scripting or XSS is a code vulnerabili...
Cross Site Scripting (XSS)
DOMPurify is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper depth checking, which can be bypassed through special HTML nesting techniques and prototype pollution, allowing an attacker to execute malicious scripts in the victim's browser...
Cursor’s Magic Comes with a Catch: The Trust Setting You’re Missing
Occasionally, a new AI tool emerges unexpectedly and dominates the conversation on social media. This time, that tool is Cursor, an AI coding platform that’s making waves for simplifying app development with advanced models like Claude 3.5 Sonnet and GPT-4o. In a recent video posted on X, which h...
CVE-2024-31414
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts wh...