chromium-browser: Insufficient port filtering in CORS for extensions
Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
UNA cross-site scripting vulnerability (CNVD-2020-16828)
UNA is a full-stack software platform for building custom community websites, social networks and collaboration centers. A cross-site scripting vulnerability exists in studio/polyglot.php?page=etemplates in UNA version 10.0.0-RC1, which stems from a lack of proper validation of client-side data i...
Crunchbase Cognitoys Dino Cross-Site Scripting Vulnerability
Crunchbase Cognitoys Dino is a children's cognitive electronic learning toy from Crunchbase USA. A cross-site scripting vulnerability exists in Crunchbase Cognitoys Dino. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit...
Backdrop CMS Cross-Site Scripting Vulnerability
Backdrop CMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS versions 1.12.x before 1.12.8 and 1.13.x before 1.13.3. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker can...
Backdrop CMS Cross-Site Scripting Vulnerability (CNVD-2019-26880)
Backdrop CMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS version 1.12.x before 1.12.8 and version 1.13.x before 1.13.3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker...
NewStart CGSL CORE 5.04 / MAIN 5.04 : gnupg2 Vulnerability (NS-SA-2019-0023)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gnupg2 packages installed that are affected by a vulnerability: - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages...
CVE-2018-16064
Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...
verdaccio cross-site scripting vulnerability
verdaccio is a lightweight private npm registry. A cross-site scripting vulnerability exists in versions prior to verdaccio 3.12.0, which stems from a lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side code...
Enhancesoft osTicket Cross-Site Scripting Vulnerability (CNVD-2020-16820)
Enhancesoft osTicket is an open source ticketing system from the U.S. company Enhancesoft. A cross-site scripting vulnerability exists in Enhancesoft osTicket versions prior to 1.10.7 and 1.12.x prior to 1.12.1. The vulnerability stems from a lack of proper validation of client-side data in the web application a...
CVE-2019-5864
Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
CVE-2019-5861
Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page...
cPanel cross-site scripting vulnerability (CNVD-2019-26209)
cPanel is a web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 66.0.2. The vulnerability stems from a lack of proper...
cPanel cross-site scripting vulnerability (CNVD-2019-26210)
cPanel is a web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 66.0.2. The vulnerability stems from a lack of proper...
cPanel cross-site scripting vulnerability (CNVD-2019-26204)
cPanel is a web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in versions prior to cPanel 70.0.23. The vulnerability stems from a lack of proper...
Central Dogma Cross-Site Scripting Vulnerability
Central Dogma is an open source service configuration version control repository based on Git, ZooKeeper and HTTP/2. A cross-site scripting vulnerability exists in Central Dogma versions 0.17.0 through 0.40.1. The vulnerability stems from a lack of proper validation of client-side data by the web...
SunHater KCFinder Cross-Site Scripting Vulnerability
SunHater KCFinder is an open source file manager. A cross-site scripting vulnerability exists in SunHater KCFinder. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
MISP Cross-Site Scripting Vulnerability (CNVD-2020-22366)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. MISP suffers from a cross-site scripting vulnerability. The vulnerability stems from a lac...
EspoCRM Cross-Site Scripting Vulnerability (CNVD-2019-24797)
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM versions prior to 5.6.6. The vulnerability stems from the web application...
HisiPHP Cross-Site Scripting Vulnerability
HisiPHP is a rapid development framework based on ThinkPHP and Layui, which integrates permission management, module management, plugin management and database management. A cross-site scripting vulnerability exists in hisiphp version 1.0.8. The vulnerability stems from the lack of proper...
CVE-2019-2305
CVE-2019-2305 corresponds to an out-of-bounds access in processing where the reason code is extracted from frame data without validating the frame length. Affected are Snapdragon platforms across multiple product families (Snapdragon Auto, Consumer Electronics Connectivity, Consumer IoT, Industri...