Cross-site Scripting (XSS)

tribalsystems/zenario is vulnerable to Cross-site Scripting XSS via the Tree Explorer tool. An attacker can inject malicious scripts that can be executed in the context of the user's browser by crafting malicious input...

Reflected Cross-Site Scripting (Reflected XSS)

nautobot is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to improper handling and escaping of user-provided query parameters, allowing a maliciously crafted Nautobot URL to potentially execute malicious scripts against users...

Seers | GDPR & CCPA Cookie Consent & Compliance < 8.1.1 - Cross-Site Request Forgery

Description The Seers | GDPR & CCPA Cookie Consent & Compliance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.1.0. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated...

Cross Site Scripting

github.com/apache/incubator-answer is vulnerable to Cross Site Scripting. The vulnerability is due to improper neutralization of input during web page generation when user modifies their personal website. This allows attackers to inject malicious scripts into the website, which could be executed ...

Prototype Pollution

@andrei-tatar/nora-firebase-common is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of the updateState parameter in the updateStateInternal method. This allows remote attackers to execute malicious scripts, resulting in Arbitrary Code Execution...

CVE-2024-3323

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...

Cross-site Scripting (XSS)

Apache Zeppelin is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper encoding or escaping of output in the helium module. An attacker can modify helium.json and perform attacks on normal users by injecting malicious scripts...

GHSA-59VF-HJXC-F9C5 Magento Open Source allows Cross-Site Scripting (XSS)

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...

Magento Open Source allows Cross-Site Scripting (XSS)

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...

CVE-2024-20759

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...

CVE-2024-20759 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...

CVE-2024-26098

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26122

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26097

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26084

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26079

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-20778

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-20778

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26097

CVE-2024-26097 affects Adobe Experience Manager versions 6.5.19 and earlier, with a stored XSS vulnerability in vulnerable form fields that could allow malicious JavaScript to execute in a user’s browser. The underlying issue is a stored XSS in the affected input handling. Remediation is to updat...

CVE-2024-26087

Adobe Experience Manager 6.5.19 and earlier are affected by a stored XSS vulnerability in vulnerable form fields (CVE-2024-26087). Root cause: stored XSS allowing injection of malicious scripts, leading to JavaScript execution in the victim’s browser when visiting a page containing the vulnerable...