Adobe Experience Manager 安全漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

a-blog cms 安全漏洞

a-blog cms is a Japanese content management system CMS. A security vulnerability exists in versions of a-blog cms before Ver.3.1.12, before Ver.3.0.32, before Ver.2.11.61, before Ver.2.10.53, which originated from a vulnerability that could allow an attacker to log in to the product and execute...

CVE-2024-23191

Upsell advertisement information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured...

PT-2024-19707 · Open Xchange Gmbh · Ox App Suite

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue allows an attacker to manipulate upsell shop information of an account to execute script code in the context of the user's brows...

Open-Xchange App Suite 跨站脚本漏洞

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that stems from an embedded content reference in a task that can be used to temporarily execute script code in the context of a user's...

JVN#50361500: Multiple vulnerabilities in WordPress Plugin "Ninja Forms"

WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2024-25572 Stored cross-site scripting in submit processing CWE-79...

PT-2024-19708 · Open Xchange Gmbh · Ox App Suite

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this, ...

WordPress plugin Survey Maker 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-2435

This CVE affects Temporal UI Server (github.com/temporalio/ui-server). The vulnerability is an XSS in the timeline page that displays workflow execution details, triggered when an attacker sends a signal to a workflow with a crafted signal name. The root cause is insufficient sanitization of the ...

JetBrains TeamCity AgentDistributionSettingsController Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute arbitrary script on affected installations of JetBrains TeamCity. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...

Ampache 安全漏洞

Ampache is a web-based audio/video application and file manager. A cross-site scripting vulnerability exists in Ampache 6.2.1 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in /preferences.php?action=adminupdatepreferences, which can be...

IBM QRadar SIEM 跨站脚本漏洞

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

CVE-2024-28034

Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using Mini Thread Version 3.33βi...

CVE-2024-28034

The CVE-2024-28034 entry describes a cross-site scripting (CWE-79) vulnerability in Mini Thread Version 3.33βi. An arbitrary script could be executed in the browser of users visiting a site that uses this product. The focal product is Mini Thread 3.33βi; the root cause and exact vulnerable compon...

Mini Thread vulnerable to cross-site scripting

Overview Mini Thread provided by Flash CGI according to the original report submitted by the reporter is a CGI script for creating a bulletin board system BBS. Mini Thread contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of...

PT-2024-21278 · Tvrock · Tvrock

Name of the Vulnerable Software and Affected Versions: TvRock version 0.9t8a Description: A cross-site scripting vulnerability exists, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was unreachable, and users...

TvRock 安全漏洞

TvRock is a tool for setting timers to record for television programs from TvRock, Inc. A security vulnerability exists in TvRock version 0.9t8a, which originates from a vulnerability that allows an attacker to execute arbitrary scripts on the web browser of a user who visits a website that uses...