805 matches found
PT-2024-27854 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04. Description: The issue is a stored Cross-Site Scripting (XSS) vulnerability that occurs through the /admin/BackupTemplate endpoint, specifically in the name and description fields. This could allow a remote user to...
PT-2024-27822 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04. Description: The issue is a stored Cross-Site Scripting (XSS) vulnerability. It occurs through the /admin/SystemConfiguration endpoint, specifically in the name and free memory limit fields, and the type and password...
PT-2024-27825 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04. Description: The issue is a stored Cross-Site Scripting (XSS) vulnerability, which occurs through the /admin/DeviceReplication endpoint, specifically in the execution range field, and affects all parameters. This cou...
PT-2024-22676 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 3.3.10; Xibo versions prior to 4.0.9; Xibo version 1.8; Xibo version 2.3. Description: Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected...
The vulnerability of the OpenNMS Meridian and Horizon network monitoring systems lies in the lack of security measures taken to protect the structure of the web pages. This allows attackers to gain unauthorized access to the protected information related to sessions.
The vulnerability of the OpenNMS Meridian and Horizon network monitoring systems exists due to the lack of measures taken to protect the structure of the web pages. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information related to sessions...
CVE-2024-31204 mailcow Cross-site Scripting Vulnerability via Exception Handler
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability resides in the exception handling mechanism, specifically when not operating in DEVMODE. The system saves...
PT-2024-23848 · Mailcow · Mailcow
Name of the Vulnerable Software and Affected Versions: mailcow versions prior to 2024-04. Description: A security issue has been identified in the exception handling mechanism of mailcow, specifically when not operating in DEV MODE. The system saves exception details into a session array without...
SUSE CVE-2024-27935
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...
CVE-2024-29879
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'businessid' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-29877
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expensecategoryname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-29878
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-29879 Cross-Site Scripting (XSS) vulnerability in Sentrifugo
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'businessid' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-29878
Vulnerability: CVE-2024-29878 affects Sentrifugo 3.2. The XSS is in the description parameter of /sentrifugo/index.php/sitepreference/add. An attacker can craft a URL to execute arbitrary script in the victim’s browser and steal session data. Root cause: insufficient input validation/escaping for...
CVE-2024-29877 Cross-Site Scripting (XSS) vulnerability in Sentrifugo
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expensecategoryname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-29877
Sentrifugo 3.2 is affected by a Cross-Site Scripting (XSS) vulnerability in the endpoint /sentrifugo/index.php/expenses/expensecategories/edit, via the expense_category_name parameter. The issue arises from insufficient input filtering/escaping, enabling a remote attacker to craft a URL that coul...
PT-2024-23101 · Unknown · Sentrifugo
Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2. Description: A Cross-Site Scripting (XSS) issue exists, allowing a remote user to send a specially crafted URL to the victim and steal their session data. This is achieved through the...