JVN#28869536: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper handling of data in Mail CWE-231 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score 4.9 CVE-2024-31397 CyVDB-3167 Improper restriction on the output of some API CWE-201...

Phormer vulnerable to cross-site scripting

Overview Phormer contains a cross-site scripting vulnerability CWE-79. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on t...

Dell OpenManage Enterprise Cross-Site Scripting Vulnerability

Dell OpenManage Enterprise is an easy-to-use, one-to-many systems management console for IT infrastructure management from Dell. The software supports cost-effective, comprehensive lifecycle management of Dell EMC PowerEdge servers from a single console. A cross-site scripting vulnerability exist...

CVE-2024-32674

Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

CVE-2024-32674

Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

WordPress Plugin Heator Social Login 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2024-30531 · Unknown · Trix Editor

Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.4 Description: The issue is related to a bypass of a previous fix, allowing an attacker to execute arbitrary JavaScript code within the context of the user's session when pasting malicious code. This occurs...

CVE-2024-23188

Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users...

CVE-2024-23187

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please...

CVE-2024-23186

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer...

CVE-2024-23186

Summary: CVE-2024-23186 affects Open-Xchange Open-Xchange App Suite (see connected sources). An email contains malicious display-name information that can trigger client-side script execution on specific mobile devices, enabling attackers to perform malicious API requests or extract data from use...

NETIS SYSTEMS MEX605 安全漏洞

NETIS SYSTEMS MEX605 is a wireless device from NETIS SYSTEMS, Inc. A security vulnerability exists in the NETIS SYSTEMS MEX605 version v2.00.06, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML by injecting a...

NETIS SYSTEMS MEX605 安全漏洞

NETIS SYSTEMS MEX605 is a wireless device from NETIS SYSTEMS, Inc. A security vulnerability exists in the NETIS SYSTEMS MEX605 version v2.00.06 that stems from the presence of a cross-site scripting XSS vulnerability, which could allow an attacker to execute arbitrary web script or HTML...

CVE-2024-33792

CVE-2024-33792 affects netis-systems MEX605 v2.00.06. A crafted payload to the tracert page allows an attacker to execute arbitrary OS commands (also described as an XSS vulnerability in some sources). The root cause centers on input handling on the tracert page leading to command execution/scrip...

CVE-2024-34144

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377ae and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the contex...

CMSimple 安全漏洞

CMSimple is a free content management system. A security vulnerability exists in CMSimple version v5.15. An attacker can exploit the vulnerability to execute arbitrary web script or HTML...

CVE-2024-33424

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

MiniCMS Cross-Site Scripting Vulnerability (CNVD-2024-24950)

MiniCMS is the minimalist content management system for personal websites. A cross-site scripting vulnerability exists in MiniCMS v.1.11, which stems from the lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web script or HTM...

yapi 安全漏洞

YMFE YApi is a visual interface management platform from YMFE, Inc. A security vulnerability exists in yapi version v1.10.2, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML by injecting a crafted...

MiniCMS 安全漏洞

MiniCMS is the minimalist content management system for personal websites. A cross-site scripting vulnerability exists in MiniCMS v.1.11, which stems from the lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web script or HTM...