5836 matches found
TYPO3 cross-site scripting vulnerability (CNVD-2019-41221)
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 versions prior to 4.3.12, 4.4.x prior to 4.4.9 and 4.5.x prior to 4.5.4. The vulnerability stems from a lack of proper validation of...
Pagure Cross-Site Scripting Vulnerability (CNVD-2020-17195)
Pagure is a Git repository written in Python to provide Web services. Pagure suffers from a cross-site scripting vulnerability. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability to execute client-side cod...
Intelbras WRN 150 Cross-Site Scripting Vulnerability
Intelbras WRN 150 is a wireless router from Intelbras Poland. A cross-site scripting vulnerability exists in Intelbras WRN 150. The vulnerability stems from the lack of proper validation of client data by the WEB application. An attacker can exploit the vulnerability to execute client-side code...
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2019-44941)
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...
Plataformatec Simple Form Input Validation Error Vulnerability
Plataformatec Simple Form is a form builder from Plataformatec Brazil. An input validation error vulnerability exists in Plataformatec Simple Form. The vulnerability originates from a network system or product that does not properly validate input data. Detailed vulnerability details are not...
PopojiCMS Cross-Site Scripting Vulnerability
PopojiCMS is an open source content management system CMS based on the Popoji framework. A cross-site scripting vulnerability exists in PopojiCMS. The vulnerability stems from a lack of proper validation of client-side data in the WEB application. An attacker can exploit this vulnerability to...
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2019-40708)
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...
Serendipity Package Cross-Site Scripting Vulnerability
Serendipity is a PHP-based blogging system from the Serendipity team. The system supports the creation of online journals, blogs, web pages and more. A cross-site scripting vulnerability exists in Xinha in Serendipity packages prior to version 1.5.5. The vulnerability stems from a lack of proper...
JetBrains YouTrack Cross-Site Scripting Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A cross-site scripting vulnerability exists in versions prior to JetBrains YouTrack...
JetBrains Upsource Cross-Site Scripting Vulnerability
JetBrains Upsource is a set of code review tools from the Czech company JetBrains. A cross-site scripting vulnerability exists in versions prior to JetBrains Upsource 2019.1.1412. The vulnerability stems from the lack of proper validation of client data by the WEB application. An attacker can...
JetBrains YouTrack Cross-Site Scripting Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A cross-site scripting vulnerability exists in versions prior to JetBrains YouTrack...
Online Store System Cross-Site Scripting Vulnerability (CNVD-2019-40113)
Online Store System is an e-commerce system. A cross-site scripting vulnerability exists in Online Store System v1.0. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerability to execute client-side code...
TYPO3 cross-site scripting vulnerability (CNVD-2019-40295)
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the back-end login box in TYPO3. The vulnerability stems from the lack of proper validation of client-side data by the WEB application, which...
Websieve Cross-Site Scripting Vulnerability
websieve is a web-based email server management program. A cross-site scripting vulnerability exists in websieve version v0.62, which stems from the lack of proper validation of client-side data by the WEB application and can be exploited by an attacker to execute client-side code...
chromium-browser: URL bar spoof via download redirect
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
chromium-browser: HTTP authentication spoof
Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
chromium-browser: Extensions can be disabled by trailing slash
Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page...
Tyto Software Sahi Pro Cross-Site Scripting Vulnerability
Tyto Software Sahi Pro is a suite of automated testing tools from Tyto Software India. A cross-site scripting vulnerability exists in Tyto Software Sahi Pro version 8.x. The vulnerability stems from a lack of proper validation of client-side data in the web application and can be exploited by an...
Control Web Panel Cross-Site Scripting Vulnerability
Control Web Panel is a Linux web hosting control panel. A cross-site scripting vulnerability exists in Control Web Panel version 0.9.8.885, which stems from the lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side code...
The vulnerability of the monitor for distributing electrical loads in Rockwell Automation’s Allen-Bradley PowerMonitor 1000, related to deficiencies in the verification of data entered by users, allows a intruder to gain access to the device.
The vulnerability of the Rockwell Automation Allen-Bradley PowerMonitor 1000 in terms of electrical load distribution is related to deficiencies in data validation by users. Exploiting this vulnerability allows a malicious actor to execute XSS attacks and gain access to the device...