11 matches found
GHSA-WXM4-9F8P-GGGV Flowise Cross-site Scripting in/api/v1/credentials/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...
GHSA-858C-QXVX-RG9V Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/chatflows-streaming/id endpoint. If the default configuration is used unauthenticated, an attacker may be able...
TA445 Targeting Government and Military Sectors in Ukraine and Poland
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary TA455 conducts ongoing campaigns targeting government entities, military organizations, and civilians in Ukraine and Poland to steal information and establish remote access, using multi-stage infection...
Mastery LMS 1.2 Cross Site Scripting
Exploit Title: Mastery LMS 1.2 - Reflected XSS Exploit Author: CraCkEr Date: 09/07/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/mastery/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description Allow...
GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)
Exploit Title: GZ Forum Script 1.8 - Stored Cross-Site Scripting XSS Date: 30/06/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/gz-forum-script.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the content ...
Rocket LMS 1.7 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Security Bulletin: IBM Event Streams could allow a remote attacker to bypass security restrictions by modifying the UI session cookie
Summary IBM Event Streams could allow a remote attacker to bypass security restrictions after authenticating with Event Streams. By modifying the UI session cookie, it may be possible for a remote attacker to steal user and session information that was sent during an encrypted session...
DSA-2227-1 iceape - several
Bulletin has no description...
Google Chrome PDF Javascript Security Bypass Vulnerability
The host is installed with Google Chrome and is prone to PDF Javascript Security Bypass Vulnerability. OpenVAS Vulnerability Test $Id: secpodgooglechromepdfjsrestbypassvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Google Chrome PDF Javascript Security Bypass Vulnerability Authors: Sujit Ghosal...
Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:075)
A number of vulnerabilities have been discovered in the Mozilla Firefox browser that could allow a remote attacker to craft malicious web pages that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, cookies, or other...
cross-site scripting through window.controllers — Mozilla
shutdown demonstrated how to use the window.controllers array to bypass same-origin protections, allowing a malicious site to inject script into content from another site. This could allow the malicious page to steal information such as cookies or passwords from the other site, or perform...