tonyy dormsystem cross-site scripting vulnerability
tonyy dormsystem is a dormitory information management system. A cross-site scripting vulnerability exists in tonyy dormsystem 1.3 and earlier versions, which stems from a lack of proper validation of client data in the web application and can be exploited by an attacker to execute client-side co...
CVE-2019-17139
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Command injection
RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achie...
CVE-2019-14451
Repetier-Server 0.8–0.91 is affected by CVE-2019-14451 for improper validation of XML printer configurations, which can enable remote code execution when combined with CVE-2019-14450 (directory traversal) via an uploaded external command configuration. After exploitation, the external command con...
CoreHR Core Portal Cross-Site Scripting Vulnerability
CoreHR Core Portal is a human resource management system. A cross-site scripting vulnerability exists in CoreHR Core Portal versions prior to 27.0.7. The vulnerability stems from the lack of proper validation of client-side data in the web application and can be exploited by an attacker to execut...
Dolibarr ERP/CRM Cross-Site Scripting Vulnerability (CNVD-2019-39370)
Dolibarr ERP/CRM is a web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in Dolibarr ERP/CR...
Thycotic Secret Server Cross-Site Scripting Vulnerability (CNVD-2019-38073)
Thycotic Secret Server is a privileged account management solution from Thycotic USA. A cross-site scripting vulnerability exists in Thycotic Secret Server versions prior to 10.7. The vulnerability stems from the lack of proper validation of client-side data by the web application, and can be...
hexo-admin plugin for Node.js cross-site scripting vulnerability
hexo-admin plugin for Node.js is a backend administration plugin for use in Node.js. A cross-site scripting vulnerability exists in the Post editor feature in hexo-admin plugin for Node.js version 2.3.0 and earlier, which stems from the lack of proper validation of client-side data in a web...
CVE-2019-13718
Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...
WordPress indieweb-post-kinds plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. indieweb-post-kinds is one of the category plugins used in it. A cross-site scripting vulnerability exists in WordPress...
WordPress Exquisite Ultimate Newspaper theme cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Exquisite Ultimate Newspaper theme is a newspaper website theme plugin used in it. A cross-site scripting vulnerability exists in...
Foxit Studio Photo Out-of-Bounds Read Information Disclosure Vulnerability
Foxit Studio Photo is image editing software from the Chinese company Foxit. An out-of-bounds read disclosure vulnerability exists in JPEG to EPS conversion in Foxit Studio Photo 3.6.6.915 and earlier versions. The vulnerability stems from a lack of proper validation of user-suppli...
FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-37885)
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A cross-site scripting vulnerability exists in FusionPBX 4.5.7 and earlier versions, which...
Loofah gem for Ruby cross-site scripting vulnerability (CNVD-2019-36965)
Loofah gem for Ruby is a Ruby-based library for processing and converting HTML/XML documents. A cross-site scripting vulnerability in Loofah gem for Ruby version 2.3.0 and earlier, which stems from a lack of proper validation of client-side data in a web application, can be exploited by an attack...
CVE-2019-14862
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
Verodin Cross-Site Scripting Vulnerability
Verodin is a suite of network security inspection platforms from Verodin, Inc. in the United States. The platform is primarily used to test the effectiveness of security protections for networks, endpoints, email, and cloud controls. Director is Verodin's console program. A cross-site scripting...
Rocket.Chat Cross-Site Scripting Vulnerability (CNVD-2019-36863)
Rocket.Chat is an open source team chat software. A cross-site scripting vulnerability exists in versions of Rocket.Chat prior to 2.1.0, which stems from a lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side code...
CVE-2019-13545
In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution...