6723 matches found

OSV
added 2024/11/21 5:11 p.m. · 15 views

CVE-2024-52309 SFTPGo allows administrators to restrict command execution from the EventManager

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

CVSS 5.1 · AI score 6.7 · EPSS 0.00598
Exploits: 0 · References: 5

Positive Technologies
added 2024/11/21 12:00 a.m. · 3 views

PT-2024-35169 · Sftpgo · Sftpgo

Name of the Vulnerable Software and Affected Versions: SFTPGo versions prior to 2.6.3. Description: SFTPGo has a feature that allows the EventManager to execute scripts or run applications in response to certain events. However, any SFTPGo administrator with permission to run a script has access t...

CVSS 7.7 · AI score 7.5 · EPSS 0.00598
Exploits: 0 · References: 16

OSV
added 2024/11/20 9:15 p.m. · 3 views

CVE-2024-48535

A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

CVSS 5.4 · AI score 5.9 · EPSS 0.00272
Exploits: 1 · References: 1

Positive Technologies
added 2024/11/19 12:00 a.m. · 4 views

PT-2024-34786 · Seo Free · Seo Free

Name of the Vulnerable Software and Affected Versions: Seo Free versions n/a through 1.4. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also stor...

CVSS 7.1 · AI score 6.3 · EPSS 0.00206
Exploits: 0 · References: 3

OSV
added 2024/11/15 11:15 a.m. · 1 view

CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

CVSS 6.1 · AI score 6 · EPSS 0.17105
Exploits: 0 · References: 2

CNNVD
added 2024/11/15 12:00 a.m. · 2 views

FitNesse security vulnerability

FitNesse is a fully integrated standalone acceptance testing framework and wiki open-sourced by Robert C. Martin. A security vulnerability exists in versions prior to FitNesse 20241026, which stems from the presence of a cross-site scripting vulnerability that could allow an attacker to execute...

CVSS 6.1 · AI score 6.1 · EPSS 0.00407
Exploits: 0 · References: 3

CVE
added 2024/11/15 12:00 a.m. · 45 views

CVE-2024-48068

CVE-2024-48068 concerns a cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co., LTD Landray EKP v16 and earlier. The issue allows an attacker to execute arbitrary web scripts or HTML via a crafted payload. Affected product: Landray EKP v16 and earlier (Office automation solut...

CVSS 6.1 · AI score 5.8 · EPSS 0.00249
Exploits: 0 · References: 2

The Hacker News
added 2024/11/14 9:51 a.m. · 7 views

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group,...

AI score 7.2
Exploits: 0

CNNVD
added 2024/11/14 12:00 a.m. · 3 views

Salt security vulnerability

Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. Salt has a security vulnerability that stems from the Salt-SSH preflight option copying scripts to predictable paths to the target, which allows an attacker to forc...

CVSS 6.7 · AI score 7.2 · EPSS 0.00187
Exploits: 0 · References: 1

CNNVD
added 2024/11/14 12:00 a.m. · 2 views

Kashipara E-learning Management System security vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...

CVSS 5.4 · AI score 6.5 · EPSS 0.00548
Exploits: 1 · References: 1

CNNVD
added 2024/11/14 12:00 a.m. · 2 views

Kashipara E-learning Management System security vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...

CVSS 5.4 · AI score 6.5 · EPSS 0.00462
Exploits: 1 · References: 1

CNNVD
added 2024/11/14 12:00 a.m. · 1 view

Kashipara E-learning Management System cross-site scripting vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A cross-site scripting vulnerability exists in Kashipara E-learning Management System version 1.0, which is rooted in a stored cross-site scripting attack that allows remote attackers to execute arbitrary...

CVSS 5.4 · AI score 6.5 · EPSS 0.00462
Exploits: 1 · References: 1

Snyk
added 2024/11/13 6:37 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Create User process, which involves uploading a profile image. An attacker can exploit this by uploading a malicious SVG file containing a maliciously crafted script, which executes when the profile...

CVSS 7.3 · AI score 5.3 · EPSS 0.0018
Exploits: 1 · References: 2

Positive Technologies
added 2024/11/13 12:00 a.m. · 4 views

PT-2024-34473 · Unknown · Ferozo Webmail

Name of the Vulnerable Software and Affected Versions: Ferozo Webmail version 1.1. Description: A Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary scripts. Recommendations: For Ferozo Webmail version 1.1, at the moment, there is no information about a newer version that contain...

AI score 6.4
Exploits: 0 · References: 1

CNNVD
added 2024/11/11 12:00 a.m. · 3 views

IBM Maximo Asset Management cross-site scripting vulnerability

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

CVSS 6.4 · AI score 6.1 · EPSS 0.00227
Exploits: 0 · References: 1

CNVD
added 2024/11/07 12:00 a.m. · 2 views

Online Shopping Portal dom_data.php file cross-site scripting vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of file...

CVSS 6.1 · AI score 6.1 · EPSS 0.00367
Exploits: 1 · References: 1

CNVD
added 2024/11/07 12:00 a.m. · 3 views

Online Shopping Portal /admin/assets Cross-Site Scripting Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from a cross-site scripting vulnerability that originates from the parameter scripts in file /admin/assets/plugins/DataTables/media/unittesting/templates/complexheader2.php that is not validly filtered and escaped by...

CVSS 6.1 · AI score 4.5 · EPSS 0.00367
Exploits: 1 · References: 1

CNNVD
added 2024/11/07 12:00 a.m. · 3 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.7 · EPSS 0.00369
Exploits: 0 · References: 1

OSV
added 2024/11/06 5:15 p.m. · 1 view

CVE-2024-20511

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o...

CVSS 6.1 · AI score 6 · EPSS 0.00307
Exploits: 0 · References: 1

CNNVD
added 2024/11/04 12:00 a.m. · 3 views

ChuanhuChatGPT security vulnerability

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT version 20240802 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escapin...

CVSS 6.1 · AI score 6.1 · EPSS 0.0032
Exploits: 1 · References: 1