CVE-2024-12089

A stored Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-12091

A stored Cross-site Scripting (XSS) vulnerability affects Dassault Systèmes ENOVIA Collaborative Industry Innovator (3DEXPERIENCE) versions R2022x through R2024x. The issue arises from unsanitized/stored input allowing an attacker to execute arbitrary script in a user’s browser session. Affected ...

Online Nurse Hiring System 安全漏洞

PHPGurukul Online Nurse Hiring System is an online nurse hiring system from PHPGurukul. A security vulnerability exists in Online Nurse Hiring System version v1.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...

Dassault Systèmes ENOVIA Collaborative Industry Innovator 安全漏洞

Dassault Systèmes ENOVIA Collaborative Industry Innovator is an essential toolset for real-time, secure and structured collaboration and product content management for an engineering team at Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Collaborative Indust...

CVE-2024-37776

A cross-site scripting XSS vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...

SUSE CVE-2024-52309

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion

Summary pnpm seems to mishandle overrides and global cache: 1. Overrides from one workspace leak into npm metadata saved in global cache 2. npm metadata from global cache affects other workspaces 3. installs by default don't revalidate the data including on first lockfile generation This can make...

Unrestricted Script Execution

github.com/drakkan/sftpgo is vulnerable to unrestricted script execution. The vulnerability is due to lack of proper access control over script execution, which allows administrators to execute system commands without restrictions, which can lead to unintended access to the underlying OS/containe...

PT-2024-9713 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to inject malicious scripts into vulnerable form fields. This cou...

Adobe Connect <= 11.4.7 Multiple Vulnerabilities (APSB24-99)

The version of Adobe Connect installed on the remote host is prior to 11.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-99 advisory. - Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that coul...

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

Cross-site Scripting (XSS)

Overview mojo42/jirafeau is a provides a simple way to upload a file. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the manipulation of MIME types during the upload process. An attacker can execute scripts in the context of the user's browser session. Details...

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Display Name parameter. An attacker can execute arbitrary web scripts or HTML by...

CVE-2024-50677

A cross-site scripting XSS vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

CVE-2024-50677

CVE-2024-50677 describes a cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 where an attacker can inject a crafted payload into the Search parameter to execute arbitrary web scripts or HTML. The root cause is improper handling/validation of user input in the search functionality, ...

CVE-2024-50677

A cross-site scripting XSS vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...