
44 matches found

Veracode
added 2025/02/25 6:08 a.m., 5 views

Cross-Site Scripting (XSS)

@ckeditor/ckeditor5-real-time-collaboration is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user markers in the real-time collaboration package, which can allow unauthorized JavaScript execution in certain editor and token endpoint configurations...

CVSS 2.3, AI score 6.2, EPSS 0.00348
Exploits: 0, References: 4, Affected Software: 2

CNNVD
added 2025/02/20 12:00 a.m., 1 view

CKEditor Security Vulnerability

CKEditor is an open-source enterprise WYSIWYG editor from CKEditor. A security vulnerability exists in CKEditor version 5, which stems from a cross-site scripting (XSS) vulnerability discovered in the Live Collaboration Pack that could lead to unauthorized JavaScript code execution...

CVSS 2.3, AI score 6, EPSS 0.00348
Exploits: 0, References: 4

RedhatCVE
added 2025/02/05 9:50 p.m., 7 views

CVE-2022-24814

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text HTML interface that links to a file uploaded HTML file that loads another uploaded JS file in its script ta...

CVSS 8.8, AI score 7.1, EPSS 0.0043
Exploits: 0, References: 1

Vulnrichment
added 2024/10/14 5:03 p.m., 24 views

CVE-2024-45741 Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...

CVSS 5.4, AI score 7.2, EPSS 0.05296
Exploits: 0, References: 2

Cvelist
added 2024/10/14 5:03 p.m., 23 views

CVE-2024-45741 Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...

CVSS 5.4, EPSS 0.05296
Exploits: 0, References: 2

Cvelist
added 2024/10/14 5:03 p.m., 25 views

CVE-2024-45740 Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript cod...

CVSS 5.4, EPSS 0.00602
Exploits: 0, References: 2

CVE
added 2024/10/14 5:03 p.m., 71 views

CVE-2024-45740

CVE-2024-45740 affects Splunk Enterprise <9.2.3/9.1.6 and Splunk Cloud Platform

CVSS 5.4, AI score 5.6, EPSS 0.00602
Exploits: 0, References: 2, Affected Software: 2

OSV
added 2024/09/25 1:27 p.m., 11 views

CVE-2024-45613 CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...

CVSS 5.1, AI score 6.2, EPSS 0.0038
Exploits: 0, References: 4

CNVD
added 2024/07/05 12:00 a.m., 6 views

Splunk Enterprise Cross-Site Scripting Vulnerability (CNVD-2024-34268)

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze the data it generates, including data generated by all IT systems and infrastructures (physical, virtual machines and cloud). Splunk...

CVSS 5.4, AI score 6.2, EPSS 0.01228
Exploits: 0, References: 1

CNVD
added 2024/07/05 12:00 a.m., 5 views

Splunk Enterprise Cross-Site Scripting Vulnerability (CNVD-2024-34270)

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze the data it generates, including data generated by all IT systems and infrastructures (physical, virtual machines and cloud). Splunk...

CVSS 5.4, AI score 6.2, EPSS 0.00468
Exploits: 0, References: 1

OSV
added 2024/07/01 5:15 p.m., 1 view

CVE-2024-36993

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in...

CVSS 5.4, AI score 5.9
Exploits: 0, References: 2

Vulnrichment
added 2024/07/01 4:30 p.m., 15 views

CVE-2024-36992 Persistent Cross-site Scripting (XSS) in Dashboard Elements

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthoriz...

CVSS 5.4, AI score 6.2, EPSS 0.00468
Exploits: 0, References: 1

CNNVD
added 2024/07/01 12:00 a.m., 1 view

Splunk Cloud Platform and Splunk Enterprise Security Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze the data it generates, including data generated by all IT systems and infrastructures (physical, virtual machines and cloud). Splunk...

CVSS 5.4, AI score 6.3, EPSS 0.00468
Exploits: 0, References: 3

CNNVD
added 2024/07/01 12:00 a.m., 1 view

Splunk Cloud Platform and Splunk Enterprise Security Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze the data it generates, including data generated by all IT systems and infrastructures (physical, virtual machines and cloud). Splunk...

CVSS 5.4, AI score 6.3, EPSS 0.01228
Exploits: 0, References: 4

Positive Technologies
added 2024/07/01 12:00 a.m., 2 views

PT-2024-27235 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions:
Splunk Enterprise versions prior to 9.2.2
Splunk Enterprise versions prior to 9.1.5
Splunk Enterprise versions prior to 9.0.10
Splunk Cloud Platform versions prior to 9.1.2312.200
Splunk Cloud Platform versions prior to 9.1.2308.207...

CVSS 5.4, AI score 7.4, EPSS 0.01051
Exploits: 1, References: 5

OSV
added 2022/12/22 8:15 p.m., 8 views

CVE-2022-3033

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

CVSS 8.1, AI score 8
Exploits: 0, References: 3

Github Security Blog
added 2022/04/05 6:30 p.m., 25 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in directus

Impact: Unauthorized JavaScript can be executed by inserting an iframe into the rich text HTML interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run an...

CVSS 8.8, AI score 0.1, EPSS 0.0043
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2022/04/04 5:50 p.m., 4 views

CVE-2022-24814 Cross-site Scripting in Directus

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text HTML interface that links to a file uploaded HTML file that loads another uploaded JS file in its script ta...

CVSS 8.8, AI score 8.8, EPSS 0.0043
Exploits: 0, References: 3

OSV
added 2022/04/04 5:50 p.m., 11 views

CVE-2022-24814 Cross-site Scripting in Directus

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text HTML interface that links to a file uploaded HTML file that loads another uploaded JS file in its script ta...

CVSS 8.8, AI score 6.7, EPSS 0.0043
Exploits: 0, References: 5

Tenable Nessus
added 2018/12/21 12:00 a.m., 25 views

Foxit PhantomPDF < 7.3.13 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 7.3.13. It is, therefore, affected by multiple vulnerabilities:
- Unauthorized JavaScript execution when disabled.
- Arbitrary Write supporting remote code...

AI score 5.9
Exploits: 0, References: 1