CVE-2024-31414
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts wh...
SAP NetWeaver AS Java XSS (3505503)
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability. Note that Nessus has not tested for th...
Halo cross-site scripting vulnerability
Halo is a powerful and easy-to-use open source website builder from Halo Open Source. A cross-site scripting (XSS) vulnerability exists in Halo versions prior to 2.19.0, which allows an attacker to execute malicious script in a user's browser via...
CVE-2024-45280
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability...
CVE-2024-45280
SAP NetWeaver AS Java is affected by a Cross-Site Scripting (XSS) vulnerability in the login application caused by insufficient encoding of user-controlled inputs. The issue is exploitable over the network with user interaction required, and has limited impact on confidentiality and integrity (no...
CVE-2024-45280 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability...
CVE-2024-42378
Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting XSS vulnerability. This has no impact on the availability of the application, but it can have some minor...
CVE-2024-42378
CVE-2024-42378 affects SAP S/4HANA eProcurement. Root cause: weak encoding of user-controlled inputs enabling Reflected XSS. Impact is described as minor on confidentiality and integrity; no availability impact. Affected component is the eProcurement module within SAP S/4HANA; exploit details are...
Security Bulletin: There is a vulnerability in tinymce-6.8.1.min.js used by IBM Maximo Asset Management application (CVE-2024-38357, CVE-2024-38356)
Summary There is a vulnerability in tinymce-6.8.1.min.js used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-38357 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the noscript elements. A remote...
CVE-2024-38858
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view...
CVE-2024-38858 Cross-site scripting in Robotmk logs view
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view...
CVE-2024-6585
Multiple stored cross-site scripting “XSS” vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this...
CVE-2024-6585
CVE-2024-6585 affects Lightdash v0.1024.6, with multiple stored XSS vulnerabilities in the markdown dashboard and dashboard comment functionality. The flaws allow remote authenticated threat actors to store and execute malicious JavaScript in the context of a user session. The PT-2024-37737 advis...
Cross Site Scripting (XSS)
Webpack is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper handling and lack of sanitization of HTML elements and their attributes in Webpack's AutoPublicPathRuntimeModule, allowing attacker-controlled elements to execute malicious scripts...
Gitea 1.22.0 - Stored XSS
Exploit Title: Stored XSS in Gitea Date: 27/08/2024 Exploit Authors: Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/go-gitea/gitea Version: 1.22.0 Tested on: Linux 5.15.0-107, Go 1.23.0 CVE: CVE-2024-6886 Vulnerability Description Gitea 1.22.0 is vulnerable to a Stored...
ROS-20240827-09
A vulnerability in GLPI's computer hardware requisition, incident, and inventory system is related to external file name or path control. Exploitation of the vulnerability could allow an attacker acting remotely, to upload a malicious PHP script and hijack the plugin loader to execute that...
Helpdeskz 2.0.2 Cross Site Scripting
Exploit Title: Stored XSS Vulnerability via File Name Google Dork: N/A Date: 08 Aug 2024 Exploit Author: Md. Sadikul Islam Vendor Homepage: https://www.helpdeskz.com/ Software Link: https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip Version: v2.0.2 Tested on: Kali Linux / Firefox...
Calibre-web 0.6.21 - Stored XSS Vulnerability
Exploit Title: Stored XSS in Calibre-web Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123 Vulnerability Descriptio...