3250 matches found

Veracode
added 2024/08/16 9:12 a.m. | 11 views

Cross Site Scripting (XSS)

ibexa/fieldtype-richtext is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation due to a blacklist approach that can be circumvented by using uppercase characters. This allows attackers with content editing permissions to inject malicious scripts into...

CVSS 7.2 | AI score 6.1 | EPSS 0.00367
Exploits 0 | References 6 | Affected Software 1
The Hacker News
added 2024/08/16 8:28 a.m. | 23 views

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures. "Banshee...

AI score 6.7
Exploits 0
NVD
added 2024/08/14 12:15 p.m. | 27 views

CVE-2024-39403

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

CVSS 7.6 | EPSS 0.0049
Exploits 0 | References 1
Vulnrichment
added 2024/08/14 11:57 a.m. | 20 views

CVE-2024-39403 Stored XSS through Webhook module public key configuration

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

CVSS 7.6 | AI score 6.5 | EPSS 0.0049
Exploits 0 | References 1
Veracode
added 2024/07/31 9:7 a.m. | 12 views

Stored Cross Site Scripting (XSS)

aim is vulnerable to a Stored Cross Site Scripting (XSS). The vulnerability is due to improper input neutralization in the logs-tab, which uses dangerouslySetInnerHTML in React. The vulnerability allows an attacker to inject malicious scripts into the logs...

CVSS 7.2 | AI score 6 | EPSS 0.00266
Exploits 1 | References 2 | Affected Software 1
Veracode
added 2024/07/31 5:46 a.m. | 13 views

Cross-Site Scripting (XSS)

com.jfinal, jfinal is vulnerable to Cross-site scripting. The vulnerability is due to improper input validation in the Title parameter in the /admin/content file, which can be manipulated to inject malicious scripts. Attackers can exploit this vulnerability remotely to execute arbitrary scripts i...

CVSS 5.4 | AI score 7.2 | EPSS 0.00364
Exploits 1 | References 3 | Affected Software 1
Veracode
added 2024/07/31 5:45 a.m. | 10 views

Cross-Site Scripting (XSS)

com.jfinal, jfinal is vulnerable to Cross-Site Scripting. The vulnerability is due to improper validation of user input in the argument directory of the file /admin/template. Attackers can exploit this vulnerability remotely by injecting malicious scripts, potentially leading to unauthorized...

CVSS 5.4 | AI score 6.7 | EPSS 0.00368
Exploits 1 | References 3 | Affected Software 1
Veracode
added 2024/07/31 5:25 a.m. | 9 views

Cross-Site Scripting (XSS)

typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused due to a lack of sanitization of content from editors. This allows attackers with valid editor accounts to inject malicious scripts into content scanned by the link validator component...

AI score 6.3
Exploits 0 | References 2 | Affected Software 1
Veracode
added 2024/07/30 9:47 a.m. | 9 views

HTML Injection

twisted is vulnerable to an HTML injection. The vulnerability is due to improper sanitization of the redirect URL, which attackers can exploit to inject malicious scripts into the web page, potentially leading to Reflected Cross-Site Scripting (XSS) in the redirect response HTML body...

CVSS 6.1 | AI score 6 | EPSS 0.01109
Exploits 0 | References 2 | Affected Software 1
Veracode
added 2024/07/23 6:30 a.m. | 16 views

HTML Injection

Apache Syncope is vulnerable to HTML injection. The vulnerability is due to improper input validation, allowing HTML tags to be added to any text field, leading to potential injections. Attackers can use this to inject malicious HTML or scripts, which could compromise user data and application...

CVSS 5.4 | AI score 6.9 | EPSS 0.00681
Exploits 0 | References 5 | Affected Software 2
OpenVAS
added 2024/07/18 12:0 a.m. | 15 views

Microsoft Edge (Chromium-Based) Spoofing Vulnerability - Jul24

Microsoft Edge (Chromium-Based) is prone to a spoofing vulnerability.

CVSS 6.1 | AI score 6.9 | EPSS 0.0039
Exploits 0 | References 2
Veracode
added 2024/07/11 6:45 a.m. | 12 views

Cross Site Scripting

decidim-admin is vulnerable to Cross Site Scripting. The vulnerability is due to lack of input validation while modifying some records being uploaded to the server. An attacker can exploit this by altering records that get uploaded, leading to the execution of malicious scripts in the admin panel...

CVSS 5.4 | AI score 6.7 | EPSS 0.00341
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2024/07/09 6:14 a.m. | 10 views

Cross-Site Scripting (XSS)

rails_admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improperly-escaped HTML title attributes in the RailsAdmin list view, which can allow attackers to inject malicious scripts. Note: While 3.1.3 is the safe version, it's recommended to upgrade to 3.1.4 as the 3.1.3...

CVSS 6.8 | AI score 6 | EPSS 0.00579
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2024/07/09 3:57 a.m. | 23 views

CVE-2024-37173 [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

CVSS 6.1 | EPSS 0.00266
Exploits 0 | References 2
Cvelist
added 2024/07/09 3:53 a.m. | 20 views

CVE-2024-34685 [CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor

Due to weak encoding of user-controlled input, SAP NetWeaver Knowledge Management XMLEditor allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a...

CVSS 6.1 | EPSS 0.00256
Exploits 0 | References 2
Positive Technologies
added 2024/07/09 12:0 a.m. | 2 views

PT-2024-21328 · Unknown · Wrapper Extensions

Name of the Vulnerable Software and Affected Versions: Wrapper extensions (affected versions not specified). Description: The issue arises from inadequate input validation in the wrapper extensions, leading to Cross-Site Scripting (XSS) vectors. XSS is a type of security vulnerability that allows an...

CVSS 6.1 | AI score 6 | EPSS 0.00463
Exploits 0 | References 8
Veracode
added 2024/07/05 8:12 p.m. | 6 views

Cross-site Scripting (XSS)

TYPO3 CMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to failing to properly encode user input in multiple areas of the CMS, allowing attackers to inject malicious scripts...

AI score 6.4
Exploits 0
Github Security Blog
added 2024/07/02 9:20 p.m. | 28 views

Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Note: On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure polyfill.io and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. The following sections describe this vulnerability prior to the domain level...

CVSS 9.8 | AI score 6.8 | EPSS 0.01427
Exploits 0 | References 7 | Affected Software 1
0day.today
added 2024/07/02 12:0 a.m. | 171 views

Microweber 2.0.15 - Stored XSS Vulnerability

Exploit Title: Stored XSS in Microweber. Exploit Author: tmrswrr. Vendor Homepage: https://microweber.me/. Version: 2.0.15. Tested on: http://active.demo.microweber.me/. Vulnerability Description: A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Microweber version 2.0.15. This...

AI score 7.4
Exploits 0
CNNVD
added 2024/07/02 12:0 a.m. | 3 views

Fides Security Vulnerabilities

Ethyca Fides is an open source privacy engineering platform from Ethyca that manages the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.39.1. An attacker...

CVSS 9.8 | AI score 6.8 | EPSS 0.01427
Exploits 0 | References 7