461 matches found
CVE-2024-34577
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web...
Microsoft Edge (HTML-based) Memory Corruption Vulnerability (CNVD-2024-39661)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A memory corruption vulnerability exists in Microsoft Edge HTML-based, which can be exploited by an attacker to execute arbitrary code on a system...
Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : WebKitGTK vulnerabilities (USN-6788-1)
The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6788-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, ...
Mozilla Firefox Spoofing Vulnerability (CNVD-2024-23343)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox has a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks by convincing a victim to visit a specially crafted Web site...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox for Android suffers from a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks by convincing a victim to visit a specially crafted Web site...
CVE-2024-28761 IBM App Connect Enterprise HTML injection
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force I...
Why Browser Security Matters More Than You Think
By Uzair Amir. Your web browser serves as the gateway to the internet, but it also acts as a potential entry point for cybercriminals to access your computer and smartphone. This is a post from HackRead.com. Read the original post: Why Browser Security Matters More Than You Think...
Microsoft Edge Security Vulnerability
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for Android suffers from a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...
USN-6545-1 webkit2gtk vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
Cross site scripting
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser...
CVE-2023-38883
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'...
CVE-2023-43729
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xselltypename1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43724
Os Commerce is affected by a Cross-Site Scripting (XSS) vulnerability (CVE-2023-43724) that is described as a reflected XSS. The vulnerability stems from unsanitized input, allowing an attacker to inject JavaScript via the parameter derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name...
PT-2023-28922 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified). Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the title parameter. This potentially leads to unauthorized execution of scripts...
USN-6264-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
IBM Cognos Analytics Multiple Vulnerabilities (7012621)
The version of IBM Cognos Analytics installed on the remote host is 11.1.x prior to 11.1.7 Fix Pack 7 or 11.2.x prior to 11.2.4 FP2. It is, therefore, affected by multiple vulnerabilities, including the following: - netplex json-smart-v2 is vulnerable to a denial of service, caused by not limitin...
Mozilla Firefox Buffer Error Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox's handling of data, which can be exploited by a remote attacker to submit a specially crafted web request that the user can be tricked into parsing,...
K6999: Web browser domain-based security and discussion of "double eval()" and FP_DO_NOT_TOUCH tags VU#261869
Security Advisory Description. Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this article have not been evaluated for...
Ubuntu: Security Advisory (USN-5797-1)
The remote host is missing an update for the...
CVE-2022-3853
CVE-2022-3853 describes a Cross-site Scripting (XSS) vulnerability in the WordPress plugin Supra CSV (≤ 4.0.3) caused by a stored XSS via CSRF. Affected component: Supra CSV WordPress plugin. Public references state the issue as stored XSS via CSRF; no explicit exploit details or in‑the‑wild expl...