5836 matches found
CVE-2019-14863
CVE-2019-14863 affects AngularJS: all versions before 1.5.0-beta.0 are vulnerable to cross-site scripting due to unvalidated data delivered with trusted dynamic content after escaping context. The CVE is referenced in multiple sources (e.g., Ubuntu USN-7958-1, IBM Security Bulletins). Impact is c...
CVE-2019-14863
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
CVE-2019-14862
Knockout.js vulnerability (CVE-2019-14862). Affected: Knockout.js
CVE-2019-14862
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
(0Day) Microsoft Windows Media Player Mpeg Audio Codec Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Sencha Labs Connect Cross-Site Scripting Vulnerability
Sencha Labs Connect is an extensible HTTP server framework for Node.js. A cross-site scripting vulnerability exists in the 'connect.methodOverride' function in Sencha Labs Connect. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker cou...
SmokePing Cross-Site Scripting Vulnerability
SmokePing is a network monitoring software developed by Tobias Oetiker, a Swiss software developer. The program's function is to monitor network performance, including monitoring www server performance, monitoring DNS query performance, monitoring SSH performance and so on. A cross-site scripting...
WordPress Import Legacy Media Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Import Legacy Media is a media file import plugin used in it. A cross-site scripting vulnerability exists in WordPress Import Legacy...
WordPress WP-Planet Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WP-Planet is one of the plugins used in it. WordPress WP-Planet 0.1 and earlier versions of the rss.class/scripts/magpiedebug.php...
WordPress Laborator Neon theme cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. The Laborator Neon theme is one of the back-end website management themes used in it. A cross-site scripting vulnerability exists in...
GitLab EE Cross-Site Scripting Vulnerability (CNVD-2020-03767)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab...
libsixel buffer overflow vulnerability (CNVD-2020-01922)
libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. A buffer overflow vulnerability exists in the 'gifoutcode' function of the fromgif.c file in libsixel version 1.8.4. The vulnerability stems from a networked system or produc...
NETCORE Netis DL4323 Cross-Site Scripting Vulnerability
NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site scripting vulnerability exists in the NETCORE Netis DL4323, which stems from the lack of proper validation of client data by the web application, and can be exploited by an attacker to execute client code...
NETCORE Netis DL4323 Cross-Site Scripting Vulnerability (CNVD-2020-01648)
NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site scripting vulnerability exists in the NETCORE Netis DL4323, which stems from the lack of proper validation of client data by the web application, and can be exploited by an attacker to execute client code...
WebKit component buffer overflow vulnerability in multiple Apple products (CNVD-2020-00207)
Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple macOS Mojave is a specialized operating system developed for Mac computers. WebKit is a web browser engine component. A buffer overflow...
WordPress Cross-Site Scripting Vulnerability (CNVD-2020-01155)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the module editor in WordPress versions prior to 5.3.1. The...
GraphicsMagick 'EncodeImage' function buffer overflow vulnerability
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A buffer overflow vulnerability exists in the 'EncodeImage' function of the coders/pict.c file in GraphicsMagick. The vulnerability stems from a networked...
ImageMagick Studio ImageMagick Buffer Overflow Vulnerability (CNVD-2020-00276)
ImageMagick Studio ImageMagick is a suite of open-source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. ImageMagick Studio ImageMagick suffers from a buffer overflow vulnerability. The vulnerability...
NetHack Buffer Overflow Vulnerability (CNVD-2019-47432)
NetHack is a single-player role-playing game. A buffer overflow vulnerability exists in NetHack versions 3.6.0 through 3.6.3. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect read and wri...