3290 matches found
CVE-2019-10325
A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed an attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages...
Cross-Site Scripting in bootbox
All versions of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript. Recommendation: Sanitize user input being passed to bootbox or consider using an alternativ...
Cross-Site Scripting (XSS)
Apache JSPWiki is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via a malicious attachment through the AttachmentTab to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
Apache JSPWiki is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via a malicious InterWiki link to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
Apache JSPWiki is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the ReferredPagesPlugin and navigation breadcrumbs, to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
foreman is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript in a victim's browser by creating a malicious entity that executes upon the display of the success notification...
Cross-site Scripting (XSS)
mermaid is vulnerable to Cross-Site Scripting. Due to improper output encoding, a malicious input such as A"" can be provided to the application, allowing a remote attacker to execute arbitrary JavaScript on the victim's browser...
Cross-Site Scripting (XSS)
getkirby/kirby is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the Title of the "Site options" in the admin panel dashboard dropdown...
Cross-Site Scripting (XSS)
angular-froala is vulnerable to cross-site scripting (XSS). The ngModel.$isEmpty function allows a remote attacker to inject arbitrary JavaScript into a victim's browser since it bypasses the native froala security cleaning method by executing the content of value with the jQuery function...
Cross-Site Scripting (XSS)
getkirby/kirby is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the title of a new page...
CVE-2019-1568
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML...
Cross-Site Scripting (XSS)
Red Hat Satellite 5 is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to pass malicious input via the parameters in admin/BunchDetail.do and software/packages/NameOverview.do with the intention of executing arbitrary JavaScript code on the victim's browser...
Cross-site Scripting (XSS)
jenkins is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
Cross-site Scripting (XSS)
jenkins is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
F5 Networks BIG-IP : NodeJS vulnerability (K37111863)
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...
PT-2019-16885 · IBM · IBM Sterling B2B Integrator Standard Edition
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.0.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
PT-2019-16851 · IBM · IBM Content Navigator
Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 2.0.3 through 3.0CD Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
Cross-site Scripting (XSS)
jetty-util is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the directory listing does not encode characters in UTF-8, allowing a remote attacker to inject arbitrary JavaScript into a victim's browser through unicode characters...