CVE-2023-32289

The affected application lacks proper validation of user-supplied data when parsing project files e.g.., CSP. This could lead to an out-of-bounds read in IOCFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

Debian: Security Advisory (DSA-2044-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

LibreNMS 跨站脚本漏洞

LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. The system features custom alerts, auto-discovery of network environments and automatic updates.LibreNMS v22.3.0 version contains a cross-site scripting vulnerability that originates from the...

JGraph draw.io 跨站脚本漏洞

JGraph draw.io is a configurable charting/whiteboard visualization application for JGraph. versions prior to JGraph draw.io 18.0.4 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could explo...

Vendure 跨站脚本漏洞

Vendure is a headless GraphQL eCommerce framework based on Node.js and Nest ＆ TypeScript, focused on developer productivity and easy customization. version 0.1.0-alpha.2 to 1.5.1 of Vendure is vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation...

REDCap 跨站脚本漏洞

A cross-site scripting vulnerability exists in versions of REDCap prior to 11.4.0, which stems from a lack of data validation filtering of user-supplied data and output in the missing data code functionality of the program. An attacker could exploit this vulnerability to execute JavaScript code o...