PT-2023-28839

Name of the Vulnerable Software and Affected Versions Shenzhen TCL Browser TV Web BrowseHere aka com.tcl.browser version 6.65.022 dab24cc6 231221 gp Description The issue allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivit...

PT-2023-32634 · Alkacon · Opencms

Name of the Vulnerable Software and Affected Versions: Alkacon Software Open CMS versions 14 through 15 of the 'Mercury' template Description: A cross-site scripting XSS issue affects the software, allowing a remote attacker to send a specially crafted JavaScript payload to a victim, potentially...

PT-2023-32770 · Unknown · Amazing Little Poll

Name of the Vulnerable Software and Affected Versions: Amazing Little Poll versions 1.3 through 1.4 Description: The issue is a Stored XSS vulnerability that allows a remote attacker to store a malicious JavaScript payload in the "lp admin.php" file using the question and item parameters. This...

CVE-2023-48042

Cross Site Scripting XSS in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code...

CVE-2023-1720

Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through...

Roundcube Webmail Cross-Site Scripting Vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.4.15, 1.5.5, and 1.6.4, which stems from a security issue in...

CVE-2023-3612

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...

New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3

Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension...

PT-2023-19912 · Clevertap · Clevertap Cordova Plugin

Name of the Vulnerable Software and Affected Versions: CleverTap Cordova Plugin version 2.6.2 Description: The CleverTap Cordova Plugin does not correctly validate the data coming from deeplinks before using them, allowing a remote attacker to execute JavaScript code in any application that is...

UBUNTU-CVE-2023-32200

There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...

CVE-2023-34835

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable deletefile parameter...

MicroWorld Technologies eScan Management Console 跨站脚本漏洞

MicroWorld Technologies eScan Management Console is an eScan management console from MicroWorld Technologies, Inc. A cross-site scripting vulnerability exists in Microworld Technologies eScan Management console version v.14.0.1400.2281, which originates from a vulnerability that allows remote...

DEBIAN-CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

PT-2023-18612 · Apache +1 · Apache Jena +1

Name of the Vulnerable Software and Affected Versions: Apache Jena versions 3.7.0 through 4.8.0 Description: The issue is related to insufficient checking of user queries and restrictions of called script functions in Apache Jena, allowing a remote user to execute arbitrary javascript via a SPARQ...

AXIS 207W 跨站脚本漏洞

The AXIS 207W is a web camera from AXIS Sweden. The AXIS 207W network camera suffers from a cross-site scripting vulnerability that originates from a Reflected Cross-Site Scripting XSS vulnerability in the Web Management Portal, which can be exploited by a remote attacker to execute arbitrary...

SUSE CVE-2005-1937

A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by...

SUSE CVE-2006-0296

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...

SUSE CVE-2007-0994

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an 1 img, 2 link, or 3 style tag, which...

SUSE CVE-2008-3835

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors...

SUSE CVE-2009-1838

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...