6722 matches found
CVE-2024-34686
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...
MeterSphere Cross-Site Scripting Vulnerability
MeterSphere is an open-source, one-stop continuous testing platform. Versions of MeterSphere prior to 1.10.1-lts contain a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data; an attacker c...
PT-2024-26106 · Sap · Sap Crm Webclient Ui
Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI (affected versions not specified). Description: The issue arises due to insufficient input validation, allowing an unauthenticated attacker to craft a URL link that embeds a malicious script. When a victim clicks on this lin...
Exploit for OS Command Injection in Php
CVE-2024-4577 Vulnerability Checker. This script is designed t...
GHSA-5PXR-7M4J-JJC6 Cross-site scripting (XSS) vulnerability in Description metadata
Summary: Regardless of role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. This is an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS...
CVE-2024-36773
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php...
CVE-2024-37160
Formwork CVE-2024-37160 concerns the Formwork flat-file CMS. The vulnerability is an XSS flaw exploitable when an administrator modifies site options via /panel/options/site, allowing injection of scripts that can affect visitors across most pages (dashboard excluded). Affected component is descr...
Monstra CMS Security Vulnerability
Monstra CMS is a lightweight PHP-based content management system (CMS) by Sergey Romanenko, an individual developer in Ukraine. A security vulnerability exists in Monstra CMS version v3.0.4. The vulnerability can be exploited by attackers to execute arbitrary web script or HTML via a specially crafted...
CVE-2024-36775
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page...
Mageia: Security Advisory (MGASA-2024-0209)
The remote host is missing an update for the...
Updated libreoffice packages fix security vulnerability
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which, without prompt, will execute scripts built into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...
MGASA-2024-0209 Updated libreoffice packages fix security vulnerability
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which, without prompt, will execute scripts built into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...
RHEL 8 : redis (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - redis: Redis SORT_RO may bypass ACL configuration (CVE-2023-41053). Note that Nessus has not tested for this issue but...
JetBrains TeamCity OAuth Connection Setup Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
JetBrains TeamCity Subscription Page Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
JetBrains TeamCity Issue Tracker Integration Cross-Site Scripting Vulnerabilities
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
CVE-2024-35504
A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt...
JFinalCMS Cross-Site Scripting Vulnerability (CNVD-2024-26516)
JFinalCMS is a content management system. JFinalCMS 20221020 and earlier versions contain a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the Title parameter of /admin/content; an attacker can use this vulnerability...
FineSoft Security Vulnerability
FineSoft is an application. A security vulnerability exists in FineSoft version v8.0 that stems from the presence of a cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web script or HTML via a crafted payload...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...