CVE-2023-38219
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious...
CVE-2023-38219 Validate Your Inputs | Cross-site Scripting (Stored XSS) (CWE-79) - Customer to Admin stored XSS with Gift wrapping
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious...
1E Client Security Vulnerability
1E Client is an agent-less endpoint management software from 1E Client USA. A security vulnerability exists in 1E Client that originates from allowing an attacker to corrupt command resource files by replacing commands with malicious scripts...
PT-2023-29169 · Unknown · Leap Contractor Contact Form Website To Workflow Tool
Name of the Vulnerable Software and Affected Versions: Leap Contractor Contact Form Website to Workflow Tool plugin versions prior to 4.0.0 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected into a...
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MAXDISPLAYNEWPRODUCTSTITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43309
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload...
CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file...
CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file...
Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers,...
WordPress Forminator Plugin < 1.14.12 XSS Vulnerability
The WordPress plugin Forminator (CPE "cpe:/a:incsub:forminator") in versions before 1.14.12 is affected by a cross-site scripting (XSS) vulnerability...
PT-2023-27316 · Devaldi · Flowpaper Plugin
Name of the Vulnerable Software and Affected Versions: Devaldi Ltd flowpaper plugin versions = 1.9.9 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the Devaldi Ltd flowpaper plugin. This vulnerability requires authentication and is limited to use...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 - WinRAR File Extension Spoofing Vulnerability...
WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders
A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch...
GHSA-6XCX-GX7R-RCCJ Scancode.io Reflected Cross-Site Scripting (XSS) in license endpoint
Summary In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Details In the /license/ endpoint, the licensedetailsview...
Theft of Arbitrary Files due to execution of attacker scripts from BashAssociation.kt
Description Tested on Build87 of the Inure application. It was discovered that the application had an exported activity app.simple.inure.activities.association.BashAssociation which accepted intent data via the file scheme + text/x-shellscript mime type and executed the commands contained within...
CVE-2023-26448
Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...
CVE-2023-26447
The "upsell" widget for the portal allows specifying a product description. This description, taken from a user-controllable jslob, did not get escaped before being added to the DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering...
CVE-2023-28014
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application...