52 matches found

Cvelist
added 2024/10/30 12:0 a.m., 10 views

CVE-2024-31972

EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution under the context of the user's session via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediate...

0.00098 EPSS
Exploits 0, References 1

NVD
added 2024/08/30 11:15 p.m., 15 views

CVE-2024-6585

Multiple stored cross-site scripting “XSS” vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allow remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this...

5.4 CVSS, 0.00128 EPSS
Exploits 0, References 8

OSV
added 2024/06/26 12:12 p.m., 2 views

USN-6843-1 plasma-workspace vulnerability

Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this issue to gain access to another user's session manager and execute arbitrary code...

7.8 CVSS, 6 AI score, 0.00096 EPSS
Exploits 0, References 2

NVD
added 2024/04/19 1:15 p.m., 7 views

CVE-2024-3654

An XSS vulnerability has been found in Teimas Global's Teixo, version 1.42.42-stable. This vulnerability could allow an attacker to send a specially crafted JavaScript payload via the "seconds" parameter in the program's URL, resulting in a possible takeover of a registered user's session...

6.3 CVSS, 6 AI score, 0.00131 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/04/10 5:8 p.m., 13 views

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

5.7 AI score, 0.00089 EPSS
Exploits 1, References 2

Cvelist
added 2024/02/26 12:0 a.m., 13 views

CVE-2024-27455

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03...

6.7 AI score, 0.00187 EPSS
Exploits 0, References 1

CVE
added 2024/02/26 12:0 a.m., 3838 views

CVE-2024-27455

The CVE-2024-27455 issue affects Bentley Assetwise ALIM Web and Assetwise Information Integrity Server. A configuration-related flaw can cause exposure of a user’s ALIM session token when downloading files. Affected versions are Assetwise ALIM Web prior to 23.00.04.04 and Assetwise Information In...

9.1 CVSS, 6.6 AI score, 0.00187 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/02/26 12:0 a.m., 7 views

CVE-2024-27455

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03...

6.8 AI score, 0.00187 EPSS
Exploits 0, References 1

NVD
added 2023/11/13 1:15 p.m., 7 views

CVE-2023-6098

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...

6.3 CVSS, 0.00055 EPSS
Exploits 0, References 1

Prion
added 2023/11/13 1:15 p.m., 14 views

Cross site scripting

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...

5.8 CVSS, 6.1 AI score, 0.00055 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2023/11/13 1:13 p.m., 25 views

CVE-2023-6098 Cross-site Scripting on ICSSolution ICS Business Manager

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...

6.3 CVSS, 6 AI score, 0.00055 EPSS
Exploits 0, References 1

Cvelist
added 2023/11/13 1:13 p.m., 12 views

CVE-2023-6098 Cross-site Scripting on ICSSolution ICS Business Manager

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...

6.3 CVSS, 6.1 AI score, 0.00055 EPSS
Exploits 0, References 1

CVE
added 2023/11/13 1:13 p.m., 50 views

CVE-2023-6098

CVE-2023-6098 relates to an XSS vulnerability in ICS Business Manager, version 7.06.0028.7066. The flaw affects the obdd_act/obdd act parameter, enabling a remote attacker to steal an authenticated user’s session and perform actions within the application. Technical details across sources confirm...

6.3 CVSS, 6 AI score, 0.00055 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2023/09/26 12:15 a.m., 8 views

CVE-2023-43325

A reflected cross-site scripting XSS vulnerability in the dataredirecturl parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL...

6.1 CVSS, 5.9 AI score, 0.18259 EPSS
Exploits 4, References 3

NVD
added 2023/09/25 10:15 p.m., 13 views

CVE-2023-43326

A reflected cross-site scripting XSS vulnerability exists in multiple URLs of mooSocial v3.1.8, allowing attackers to steal user's session cookies and impersonate their account via a crafted URL...

6.1 CVSS, 5.9 AI score, 0.34593 EPSS
Exploits 2, References 2

CNVD
added 2023/05/15 12:0 a.m., 17 views

Rocket.Chat Search Messages Cross-Site Scripting Vulnerability

Rocket.Chat is an open source team chat software. Rocket.Chat Search Messages suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack a user's session when...

6.1 CVSS, 5.8 AI score, 0.00773 EPSS
Exploits 0, References 1

Prion
added 2023/02/28 5:15 p.m., 7 views

Cross site request forgery (csrf)

Cross-site request forgery is facilitated by OpenCATS's failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes JavaScript in an authenticated user's session when visited...

5.8 CVSS, 5.4 AI score, 0.00242 EPSS
Exploits 1, References 1, Affected Software 1

ALT Linux
added 2022/11/04 12:0 a.m., 26 views

Security fix for the ALT Linux 10 package glpi version 9.5.10-alt1

Nov. 4, 2022 Pavel Zilke 9.5.10-alt1 - New version 9.5.10 - This release fixes several security issues that have been recently discovered. Update is recommended! - Security fixes: + CVE-2022-39276 : Blind SSRF in RSS feeds and planning + CVE-2022-39372 : Stored XSS in user information +...

6.4 AI score, 0.00332 EPSS
Exploits 3

Veracode
added 2022/11/02 4:58 p.m., 22 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The vulnerability exists in a website called window.print causing a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings...

6.5 CVSS, 7.2 AI score, 0.0022 EPSS
Exploits 0, References 5, Affected Software 5

Prion
added 2021/01/15 6:15 p.m., 12 views

Information disclosure

An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated user's session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to...

5 CVSS, 6.6 AI score, 0.00416 EPSS
Exploits 0, References 1, Affected Software 1