5836 matches found
The vulnerability of Huawei’s mobile phone software, which stems from insufficient validation of input data, allows a hacker to trigger a service failure.
The vulnerability of Huawei’s mobile phone software exists due to insufficient testing of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Serpico Cross-Site Scripting Vulnerability (CNVD-2020-03851)
Serpico is a penetration test report generation and collaboration tool. A cross-site scripting vulnerability exists in admin/adduser/UID in Serpico version 1.3.0, which stems from the lack of proper validation of client-side data in a web application and can be exploited by an attacker to execute...
Xen Denial of Service Vulnerability (XSA-301)
According to its self-reported version number, the Xen Hypervisor installed on the remote host is affected by a denial of service vulnerability due to improper validation of input data. An authenticated, remote attacker can exploit this, via a specially crafted hypercall followed by an access to an...
Cayin SMP-PRO4 Cross-Site Scripting Vulnerability
The Cayin SMP-PRO4 is a digital signage player. A cross-site scripting vulnerability exists in Cayin SMP-PRO4. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
WordPress ultimate-weather cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Give is a fundraising platform plugin used in it. ghost is a plugin used in it for importing/exporting WordPress data. A cross-site...
TaskCanvas Denial of Service Vulnerability
TaskCanvas is a program that tracks computer usage. TaskCanvas suffers from a denial of service vulnerability that arises from a networked system or product that does not properly validate incoming data, which could be exploited by an attacker to cause a denial of service condition that denies...
SpotOutlook Denial of Service Vulnerability
SpotOutlook is password recovery software. SpotOutlook suffers from a denial of service vulnerability that originates when a network system or product does not properly validate incoming data, which can be exploited by an attacker to cause a denial of service condition that denies service to a...
CVE-2018-12020
A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could ha...
Juniper Networks Junos OS Cross-Site Scripting Vulnerability (CNVD-2020-03713)
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A cross-site scripting vulnerability exists in J-Web in Juniper Networks Junos OS, which arises from a lack of proper...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-01243)
Ignite Realtime Openfire is a cross-platform, open source real-time collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It can be used to build a highly efficient instant messaging server, and supports tens of...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-01244)
Ignite Realtime Openfire is a cross-platform, open source real-time collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It can be used to build a highly efficient instant messaging server, and supports tens of...
Mozilla Firefox and Mozilla Firefox ESR Cross-Site Scripting Vulnerability (CNVD-2020-01175)
Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. A cross-site scripting vulnerability exists in Mozilla Firefox ESR versions prio...
Fileview Cross-Site Scripting Vulnerability
The fileview package is a file viewer. A cross-site scripting vulnerability exists in fileview package version v0.1.6. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
WordPress spreadshirt-rss-3d-cube-flash-gallery cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. spreadshirt-rss-3d-cube-flash-gallery is an image gallery plugin used in it. A cross-site scripting vulnerability exists in WordPress...
Codoforum cross-site scripting vulnerability (CNVD-2020-03271)
Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 4.8.3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side...
Codoforum cross-site scripting vulnerability (CNVD-2020-03270)
Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in the admin dashboard in Codoforum version 4.8.3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit the vulnerability t...
Determine Contract Lifecycle Management Cross-Site Scripting Vulnerability
Determine Contract Lifecycle Management (CLM) is a suite of enterprise contract lifecycle management solutions from Determine Corporation. A cross-site scripting vulnerability exists in the getchart.jsp file in Determine CLM version 5.4, which stems from the lack of proper validation of client-side...
CVE-2019-14863
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
CVE-2019-14862
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
Design/Logic Flaw
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...