Documize Cross-Site Scripting Vulnerability

Documize is an open source document collaboration system built on Golang and EmberJS. A cross-site scripting vulnerability exists in the domain/section/markdown/markdown.go file in Documize versions prior to 3.5.1. The vulnerability stems from the lack of proper validation of client-side data by...

serialize-javascript cross-site scripting vulnerability

serialize-javascript is a package that supports serializing JavaScript to JSON supersets. A cross-site scripting vulnerability exists in serialize-javascript versions prior to 2.1.1. The vulnerability stems from a web application that lacks proper validation of client-side data. An attacker can...

nopCommerce Cross-Site Scripting Vulnerability

nopCommerce is a set of open source general e-commerce platform. nopCommerce 4.20 and earlier versions of PresentationNop.WebAreasAdminControllersNewsController.cs and PresentationNop. WebAreasAdminControllersBlogController.cs components have a cross-site scripting vulnerability in the...

ShapeShift KeepKey Buffer Overflow Vulnerability

ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. ShapeShift KeepKey suffers from a punch zone overflow vulnerability. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect...

QNAP Systems QNAP Music Station Cross-Site Scripting Vulnerability

QNAP Systems QNAP Music Station is a music playback and management application from QNAP Systems. A cross-site scripting vulnerability exists in QNAP Systems Music Station. The vulnerability stems from a lack of proper validation of client data in the web application. An attacker can exploit this...

GitBook Cross-Site Scripting Vulnerability

GitBook is a command-line tool for publishing and hosting books online. A cross-site scripting vulnerability exists in GitBook 2.6.9 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability...

serialize-to-js cross-site scripting vulnerability

serialize-to-js is a package that serializes objects to strings. A cross-site scripting vulnerability exists in serialize-to-js NPM versions prior to 3.0.1. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...

The vulnerability of the microprogramming software of the Intel Baseboard Management Controller (BMC) arises from insufficient validation of input data. This allows a perpetrator to trigger a service failure.

The vulnerability of the microprogramming software of the Intel Baseboard Management Controller BMC is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause service failure remotely...

The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to trigger a service failure.

The vulnerability of the Hyper-V hardware virtualization system and the Windows operating system is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures through a specially created application...

TIBCO Software EBX Web Server Component Cross-Site Scripting Vulnerability

TIBCO Software EBX is a suite of enterprise data management solutions from TIBCO Software, USA. A cross-site scripting vulnerability exists in the web server component of TIBCO Software EBX, which stems from a lack of proper validation of client data in the web application and can be exploited by...

OpenWrt Cross-Site Scripting Vulnerability (CNVD-2020-09617)

OpenWrt is a Linux operating system for embedded devices. A cross-site scripting vulnerability exists in OpenWrt version 18.06.4. The vulnerability stems from the lack of proper validation of client-side data by the WEB application, which can be exploited by an attacker to execute client-side cod...

Alfresco Software Alfresco Enterprise Cross-Site Scripting Vulnerability

Alfresco Software Alfresco Enterprise is the enterprise version of an enterprise content management system from Alfresco Software. The system includes document management, office collaboration and other features. A cross-site scripting vulnerability exists in Alfresco Software Alfresco Enterprise...

WordPress CSS Hero Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.CSS Hero is a CSS creation plugin used in it. A cross-site scripting vulnerability exists in WordPress CSS Hero 4.0.3 and earlier...

SALTO ProAccess SPACE Cross-Site Scripting Vulnerability

Salto Systems ProAccess SPACE is a web-based access control management tool from Salto Systems, Spain. A cross-site scripting vulnerability exists in Salto Systems ProAccess SPACE version 5.4.3.0. The vulnerability stems from a lack of proper validation of client data by the WEB application. An...

The vulnerability of the Microsoft Office suite arises from insufficient data validation, allowing attackers to execute arbitrary code.

The vulnerability of the Microsoft Office suite is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file...

Siemens Polarion webclient Cross-Site Scripting Vulnerability

Siemens Polarion is a suite of application lifecycle management software from Siemens, Germany. The software supports end-to-end enterprise application development in a unified, modular, browser-based software environment. webclient is one of the web-based client programs. A cross-site scripting...

Dolibarr ERP/CRM Cross-Site Scripting Vulnerability (CNVD-2019-45129)

Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in Dolibarr CRM/ER...

Apple macOS UIFoundation Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the UIFoundati...

iobroker.web Cross-Site Scripting Vulnerability

iobroker.web is a Node.js based web server for reading files from ioBroker DB. A cross-site scripting vulnerability exists in iobroker.web. The vulnerability stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute...

Nokia IMPACT Cross-Site Scripting Vulnerability

Nokia IMPACT is a suite of intelligent management platforms for the Internet of Things IoT from the Finnish company Nokia. A cross-site scripting vulnerability exists in Nokia IMPACT. The vulnerability stems from the lack of proper validation of client-side data by the web application. An attacke...