27433 matches found
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2024-25255)
IBM Engineering Workflow Management is an enterprise-level engineering workflow management system that provides process management, task assignment, and more. A cross-site scripting vulnerability exists in IBM Engineering Workflow Management versions 7.0.2 and 7.0.3 that stems from insufficient...
Laboratory Management System Security Vulnerability
Laboratory Management System is a laboratory management system by the individual developer oretnom23. A security vulnerability exists in Laboratory Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into...
WBSAirback cross-site scripting vulnerability (CNVD-2024-27119)
WBSAirback is a next generation storage and backup system from WBSAirback. A cross-site scripting vulnerability exists in WBSAirback version 21.02.04, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload...
CVE-2024-3066
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...
TOTOLINK X2000R Cross-Site Scripting Vulnerability
TOTOLINK X2000R is a WiFi6 wireless router from China's Gion Electronics TOTOLINK that supports Gigabit network and EasyMesh function with multi-device connectivity and wireless expansion capability. The TOTOLINK X2000R suffers from a cross-site scripting vulnerability that stems from the...
CVE-2024-33528
CVE-2024-33528 is a Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7.x before 7.30 and 8.x before 8.11. Remote authenticated attackers with tutor privileges can inject arbitrary web script or HTML via XML file uploads. Root cause relates to how XML uploads are processed (stored XSS). Im...
Cybozu Garoon cross-site scripting vulnerability (CNVD-2024-29671)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon. The vulnerability stems from the application's lack...
CVE-2024-34224
Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters...
CVE-2024-34225
Cross Site Scripting vulnerability in php-lms/admin/?page=systeminfo in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the name, shortname parameters...
CVE-2024-34224
This CVE affects Computer Laboratory Management System (version 1.0) with a Cross Site Scripting vulnerability in the endpoint /php-lms/classes/Users.php?f=save. The vulnerability allows remote attackers to inject arbitrary web script or HTML through the firstname, middlename, or lastname paramet...
Cross-site Scripting (XSS)
Buildbot is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper sanitization within the waterfall web status view (status/web/waterfall.py), enabling remote attackers to inject arbitrary web script or HTML...
Cross-site Scripting (XSS)
Buildbot is vulnerable to cross-site scripting (XSS) vulnerabilities. The vulnerability is due to improper sanitization, allowing remote attackers to inject arbitrary web script or HTML...
Dell OpenManage Enterprise Cross-Site Scripting Vulnerability
Dell OpenManage Enterprise is an easy-to-use, one-to-many systems management console for IT infrastructure management from Dell. The software supports cost-effective, comprehensive lifecycle management of Dell EMC PowerEdge servers from a single console. A cross-site scripting vulnerability exist...
CVE-2024-3729
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can ...
CVE-2024-3729 Frontend Admin by DynamiApps <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can ...
CVE-2024-3729
The CVE-2024-3729 issue affects the Frontend Admin by DynamiApps WordPress plugin. It is caused by improper missing encryption exception handling in the fea_encrypt function, and is exploitable on all versions up to and including 3.19.4 when the OpenSSL PHP extension is not loaded. This allows un...
Dell OpenManage Enterprise Cross-Site Scripting Vulnerability
Dell OpenManage Enterprise is an easy-to-use, one-to-many systems management console for IT infrastructure management from Dell. The software supports cost-effective, comprehensive lifecycle management of Dell EMC PowerEdge servers from a single console. A cross-site scripting vulnerability exist...
CVE-2024-3560
Analysis of CVE-2024-3560 (LearnPress – WordPress LMS Plugin). Affected software and issue: LearnPress WordPress LMS Plugin (all versions up to and including 4.2.6.4) shows stored cross-site scripting (XSS) via the _id attribute. The root cause is insufficient input sanitization and output escapin...
CVE-2024-32337
WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, allowing an attacker to inject arbitrary script or HTML via a crafted payload in the ADMIN LOGIN URL parameter under the Security module. The CVE is CVE-2024-32337. Affected component: Settings → S...
MindsDB Cross-Site Scripting Vulnerability (CNVD-2024-26182)
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. MindsDB suffers from a cross-site scripting vulnerability. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute...