(0Day) Corel PaintShop Pro TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
(0Day) Corel PaintShop Pro PNG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
(0Day) Corel PaintShop Pro PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
(0Day) Corel PaintShop Pro PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
Flexense DiskBoss Denial of Service Vulnerability
DiskBoss is a disk space utilization analysis tool that supports features such as file synchronization and data migration. DiskBoss suffers from a denial of service vulnerability that originates from a network system or product that does not properly validate incoming data, and an attacker may be...
(0Day) Corel PaintShop Pro TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel PaintShop Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
GHSA-VCJJ-XF2R-MWVC XSS in knockout
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
XSS in knockout
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
CVE-2020-7947
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...
pki-core cross-site scripting vulnerability (CNVD-2020-27179)
pki-core is a library that provides an API for PKI operations. A cross-site scripting vulnerability exists in pki-core. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability (CNVD-2020-22194)
IBM WebSphere Application Server Liberty is a Java application server from IBM (U.S.), built on the Open Liberty project. A cross-site scripting vulnerability exists in IBM WebSphere Application Server Liberty. The vulnerability stems from a lack of proper validation of client-side...
Versiant LYNX Customer Service Portal Cross-Site Scripting Vulnerability
Versiant LYNX Customer Service Portal CSP is a customer service portal system from Versiant USA. A cross-site scripting vulnerability exists in Versiant LYNX Customer Service Portal CSP version 3.5.2. The vulnerability stems from a lack of proper validation of client data by the web application. ...
Intland Software codeBeamer Cross-Site Scripting Vulnerability
Intland Software codeBeamer is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A cross-site scripting vulnerability exists in Intland Software...
Sunnet eHRD Cross-Site Scripting Vulnerability
Sunnet eHRD is a talent management system from Sun Chat Technology Company in Taiwan, China. The system supports talent management and performance management, etc. A cross-site scripting vulnerability exists in Sunnet eHRD. The vulnerability stems from the lack of proper validation of client-side...
Micro Focus Vibe Cross-Site Scripting Vulnerability (CNVD-2020-20429)
Micro Focus Vibe is a team collaboration management solution from Micro Focus UK. The solution has features such as file sharing, building dynamic forms and workflows. A cross-site scripting vulnerability exists in Micro Focus Vibe version 4.0.6. The vulnerability stems from the web application...
Piwigo Cross-Site Scripting Vulnerability (CNVD-2020-24036)
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A cross-site scripting vulnerability exists in Piwigo version 2.10.1. The vulnerability stems from the lack of proper validation of...
Dart Cross-Site Scripting Vulnerability
Dart is an open source programming language. A cross-site scripting vulnerability exists in Dart. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
CloudBees Jenkins RapidDeploy plugin cross-site scripting vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, a U.S. company. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. RapidDeploy Plugin is used in one of the...
Mozilla Bleach Cross-Site Scripting Vulnerability
Mozilla Bleach is an HTML cleanup library from the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in bleach.clean in Mozilla Bleach versions prior to 3.12. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
Dell RSA Authentication Manager Cross-Site Scripting Vulnerability (CNVD-2020-23206)
Dell RSA Authentication Manager is a centralized suite of binary authentication software from Dell, Inc. The software centralizes the management of binary identities, security tokens, methods and users across physical sites. A cross-site scripting vulnerability exists in Dell RSA Authentication...