Unrestricted Script Execution

github.com/drakkan/sftpgo is vulnerable to unrestricted script execution. The vulnerability is due to lack of proper access control over script execution, which allows administrators to execute system commands without restrictions, which can lead to unintended access to the underlying OS/containe...

PT-2024-9713 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to inject malicious scripts into vulnerable form fields. This cou...

Adobe Connect <= 11.4.7 Multiple Vulnerabilities (APSB24-99)

The version of Adobe Connect installed on the remote host is prior to 11.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-99 advisory. - Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that coul...

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

Cross-site Scripting (XSS)

Overview mojo42/jirafeau is a provides a simple way to upload a file. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the manipulation of MIME types during the upload process. An attacker can execute scripts in the context of the user's browser session. Details...

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Display Name parameter. An attacker can execute arbitrary web scripts or HTML by...

CVE-2024-50677

A cross-site scripting XSS vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

CVE-2024-50677

A cross-site scripting XSS vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

CVE-2024-50677

CVE-2024-50677 describes a cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 where an attacker can inject a crafted payload into the Search parameter to execute arbitrary web scripts or HTML. The root cause is improper handling/validation of user input in the search functionality, ...

CVE-2024-53470

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/gatewaypagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

Veeam Backup and Replication 12.x < 12.3.0.310 Multiple Vulnerabilities (December 2024) (KB4693)

The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.3.0.310. It is, therefore, affected by multiple vulnerabilities, including: - A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server...

CVE-2024-53470

CVE-2024-53470 involves multiple stored XSS vulnerabilities in WeGIA v3.2.0, specifically in the component /configuracao/gateway_pagamento.php. The issue allows injection of arbitrary web scripts or HTML via the id or name parameter, with the root cause identified as stored XSS. The provided docu...

CVE-2024-53470

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/gatewaypagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...