SeedDMS cross-site scripting vulnerability (CNVD-2024-41051)

SeedDMS is SeedDMS open source PHP and MySql based on a set of open source document management system . The system is mainly used to store and share documents . SeedDMS v6.0.28 version of the existence of cross-site scripting vulnerability , the vulnerability stems from the application of the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the interface strings for dates. An attacker can execute arbitrary scripts in the context of the user's browser by embedding malicious payloads in these messages. Details Cross-site scripting or XSS is a cod...

firefox: thunderbird: Cross-origin access to PDF contents through multipart responses

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This...

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2557)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution viabackend...

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2583)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution viabackend...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2529)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-46409

A stored cross-site scripting XSS vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page...

Zenario CMS 安全漏洞

Zenario CMS is a Zenario open source application . Provides a Web-based content management system . A cross-site scripting vulnerability exists in Zenario CMS version 9.7.61188, which stems from the lack of effective filtering and escaping of user-supplied data in the "Organizer tags" field and c...

CVE-2024-46333

An authenticated cross-site scripting XSS vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...

CVE-2024-41930

Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

Advantech ADAM-5550 跨站脚本漏洞

Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from a cross-site scripting vulnerability that stems from the device failing to properly eliminate malicious code when parsing HTTP requests to generate page output. An attacker can...

kvf-admin 跨站脚本漏洞

kvf-admin is a rapid development framework, scaffolding, backend management system, permission system. kvf-admin cross-site scripting vulnerability , the vulnerability stems from the file / ueditor/upload?configPath=ueditor/config.json&action=uploadfile parameter upfile lack of effective filterin...

CVE-2024-45836

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user...

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

PT-2024-31801 · Planex Communications · Planex Communications Network Cameras

Name of the Vulnerable Software and Affected Versions: PLANEX COMMUNICATIONS network cameras affected versions not specified Description: A cross-site scripting issue exists in the web management page of the network cameras. If a logged-in user accesses a specific file, an arbitrary script may be...

Ellevo 安全漏洞

Ellevo is an enterprise process-oriented software from Ellevo. A cross-site scripting vulnerability exists in Ellevo version 6.2.0.38160, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web...

Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices

Overview Multiple network devices network cameras and a router provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2024-45372 Cross-site scripting vulnerability in the web management page CWE-79 - CVE-2024-45836...

JVN#81966868: Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices

Multiple network devices network cameras and a router provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L Base Score 7.1 CVE-2024-45372 Cross-site scripting vulnerability in the web...

Dassault Systèmes 3DEXPERIENCE 安全漏洞

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE, which originated. An attacker could exploit the vulnerability to execute arbitrary script code within a user's browser session...

Dassault Systèmes 3DEXPERIENCE 安全漏洞

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE. An attacker could exploit the vulnerability to execute arbitrary script code within a user's browser session...