CVE-2024-37063

CVSS v3 Score
7.8
High

Vulnerability Description

A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the browser.

CVSS:7.8(High)

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F be...

CWE-79 (2017)
CVSS:7.8(High)

A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires ...

CWE-79 (2018)
CVSS:7.8(High)

Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.

CWE-79 (2020)
CVSS:7.8(High)

xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges.

CWE-79 (2021)
CVSS:7.8(High)

The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.

CWE-79 (2021)
CVSS:7.8(High)

A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malici...

CWE-79 (2021)