6721 matches found

Positive Technologies
added 2024/04/08 12:0 a.m. · 2 views

PT-2024-19707 · Open Xchange Gmbh · Ox App Suite

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue allows an attacker to manipulate upsell shop information of an account to execute script code in the context of the user's brows...

CVSS 5.4 · AI score 7 · EPSS 0.00499
Exploits: 0 · References: 8

CNNVD
added 2024/04/08 12:0 a.m. · 5 views

Open-Xchange App Suite Cross-Site Scripting Vulnerability

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that stems from an embedded content reference in a task that can be used to temporarily execute script code in the context of a user's...

CVSS 5.4 · AI score 7 · EPSS 0.00531
Exploits: 0 · References: 6

Japan Vulnerability Notes
added 2024/04/08 12:0 a.m. · 34 views

JVN#50361500: Multiple vulnerabilities in WordPress Plugin "Ninja Forms"

WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below. Cross-site request forgery (CWE-352), CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, Base Score 4.3, CVE-2024-25572. Stored cross-site scripting in submit processing (CWE-79)...

CVSS 8.8 · AI score 8.7 · EPSS 0.00532
Exploits: 0

Positive Technologies
added 2024/04/08 12:0 a.m. · 3 views

PT-2024-19708 · Open Xchange Gmbh · Ox App Suite

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this, ...

CVSS 5.4 · AI score 7.1 · EPSS 0.00499
Exploits: 0 · References: 9

CNNVD
added 2024/04/03 12:0 a.m. · 3 views

WordPress plugin Survey Maker Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.1 · AI score 5.9 · EPSS 0.00356
Exploits: 0 · References: 3

CVE
added 2024/04/02 4:40 p.m. · 313 views

CVE-2024-2435

This CVE affects Temporal UI Server (github.com/temporalio/ui-server). The vulnerability is an XSS in the timeline page that displays workflow execution details, triggered when an attacker sends a signal to a workflow with a crafted signal name. The root cause is insufficient sanitization of the ...

CVSS 4.3 · AI score 4.2 · EPSS 0.00394
Exploits: 0 · References: 1

Zero Day Initiative
added 2024/04/01 12:0 a.m. · 18 views

JetBrains TeamCity AgentDistributionSettingsController Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute arbitrary script on affected installations of JetBrains TeamCity. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...

CVSS 4.6 · AI score 7 · EPSS 0.74492
Exploits: 0 · References: 1

CNNVD
added 2024/03/27 12:0 a.m. · 3 views

Ampache Security Vulnerability

Ampache is a web-based audio/video application and file manager. A cross-site scripting vulnerability exists in Ampache 6.2.1 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in /preferences.php?action=adminupdatepreferences, which can be...

CVSS 5.9 · AI score 5.8 · EPSS 0.00551
Exploits: 0 · References: 2

CNNVD
added 2024/03/27 12:0 a.m. · 3 views

IBM QRadar SIEM Cross-Site Scripting Vulnerability

IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

CVSS 5.4 · AI score 6.6 · EPSS 0.0034
Exploits: 1 · References: 3

NVD
added 2024/03/26 10:15 a.m. · 10 views

CVE-2024-28034

A cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider stopping the use of Mini Thread Version 3.33βi...

CVSS 5.4 · AI score 6.3 · EPSS 0.00293
Exploits: 0 · References: 1

CVE
added 2024/03/26 9:36 a.m. · 48 views

CVE-2024-28034

The CVE-2024-28034 entry describes a cross-site scripting (CWE-79) vulnerability in Mini Thread Version 3.33βi. An arbitrary script could be executed in the browser of users visiting a site that uses this product. The focal product is Mini Thread 3.33βi; the root cause and exact vulnerable compon...

CVSS 5.4 · AI score 6.5 · EPSS 0.00293
Exploits: 0 · References: 1

Japan Vulnerability Notes
added 2024/03/26 8:43 a.m. · 4 views

Mini Thread vulnerable to cross-site scripting

Overview: Mini Thread provided by Flash CGI (according to the original report submitted by the reporter) is a CGI script for creating a bulletin board system (BBS). Mini Thread contains a cross-site scripting vulnerability (CWE-79). During the meeting of Committee for authorizing the disclosure of...

CVSS 6.1 · AI score 6.1 · EPSS 0.00293
Exploits: 0 · References: 3

Positive Technologies
added 2024/03/26 12:0 a.m. · 3 views

PT-2024-21278 · Tvrock · Tvrock

Name of the Vulnerable Software and Affected Versions: TvRock version 0.9t8a. Description: A cross-site scripting vulnerability exists, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was unreachable, and users...

CVSS 6.1 · AI score 6.8 · EPSS 0.00313
Exploits: 0 · References: 7

CNNVD
added 2024/03/25 12:0 a.m. · 2 views

TvRock Security Vulnerability

TvRock is a tool from TvRock, Inc. for setting timers to record television programs. A security vulnerability exists in TvRock version 0.9t8a, which originates from a vulnerability that allows an attacker to execute arbitrary scripts on the web browser of a user who visits a website that uses...

CVSS 6.1 · AI score 6.6 · EPSS 0.00313
Exploits: 0 · References: 3

CNNVD
added 2024/03/25 12:0 a.m. · 3 views

Zerochannel 0ch BBS Script Security Vulnerability

Zerochannel 0ch BBS Script is a bulletin board software from Zerochannel, Inc. A security vulnerability exists in Zerochannel 0ch BBS Script version ver.4.00, which originated from a vulnerability that allows an attacker to execute arbitrary scripts on the web browser of a user who visits a web...

CVSS 6.1 · AI score 6.6 · EPSS 0.00313
Exploits: 0 · References: 3

Japan Vulnerability Notes
added 2024/03/25 12:0 a.m. · 37 views

JVN#46874970: 0ch BBS Script (0ch) vulnerable to cross-site scripting

0ch BBS Script (0ch) (according to the original report submitted by the reporter) provided by Zerochannel (according to the original report submitted by the reporter) is bulletin board software. 0ch BBS Script (0ch) contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be...

CVSS 6.1 · AI score 6 · EPSS 0.00313
Exploits: 0

wpexploit
added 2024/03/25 12:0 a.m. · 205 views

Testimonial Slider < 2.3.8 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to "Testimonial Shortcode" 2. Ad...

AI score 5.7 · EPSS 0.00442
Exploits: 2

CNVD
added 2024/03/22 12:0 a.m. · 5 views

OneBlog Lab Module Cross-Site Scripting Vulnerability

OneBlog is a Java blog. OneBlog v2.3.4 has a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the Category List parameter of the Lab module. An attacker can exploit the vulnerability by injecting a...

CVSS 6.1 · AI score 6.7 · EPSS 0.00375
Exploits: 1 · References: 1

CNNVD
added 2024/03/20 12:0 a.m. · 4 views

GeoServer Security Vulnerability

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A cross-site scripting vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective filtering and escaping of user-supplied...

CVSS 4.8 · AI score 6 · EPSS 0.00405
Exploits: 0 · References: 4

CNNVD
added 2024/03/20 12:0 a.m. · 2 views

TOTOLINK X2000R Security Vulnerability

TOTOLINK X2000R is a WiFi 6 router from China's Gion Electronics that supports Gigabit network and Easy Mesh features with multi-device connectivity and wireless expansion capabilities. The TOTOLINK X2000R suffers from a cross-site scripting vulnerability that stems from the application's lack of...

CVSS 5.4 · AI score 6.2 · EPSS 0.00389
Exploits: 1 · References: 3