3290 matches found

WPVulnDB
added 2019/04/23 12:0 a.m. | 7 views

KingComposer - Authenticated Stored XSS

A user with Contributor or Author privileges can inject arbitrary JavaScript code in a KC section. When an admin or editor opens the malicious KC section the arbitrary JS code runs...

AI score: 7.1
Exploits: 0 | References: 3 | Affected Software: 1

Node.js
added 2019/04/17 6:54 p.m. | 20 views

Cross-Site Scripting

Overview: All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation: No fix is currently...

CVSS: 4.3 | AI score: 3.1 | EPSS: 0.00788
Exploits: 1 | Affected Software: 1

Github Security Blog
added 2019/04/12 8:42 p.m. | 43 views

Apache Airflow vulnerable to Stored XSS

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

CVSS: 4.8 | AI score: 6 | EPSS: 0.02767
Exploits: 0 | References: 8 | Affected Software: 1

Prion
added 2019/04/12 5:29 p.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View...

CVSS: 3.5 | AI score: 5.2 | EPSS: 0.00634
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2019/04/10 8:29 p.m. | 8 views

CVE-2019-0216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

CVSS: 4.8 | AI score: 5.5
Exploits: 0 | References: 3

NVD
added 2019/04/10 8:29 p.m. | 16 views

CVE-2019-0216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.02767
Exploits: 0 | References: 3

Prion
added 2019/04/10 8:29 p.m. | 21 views

Code injection

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.02767
Exploits: 0 | References: 3 | Affected Software: 1

PyPA
added 2019/04/10 8:29 p.m. | 7 views

PYSEC-2019-214

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

CVSS: 4.8 | AI score: 7.4 | EPSS: 0.02767
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2019/04/10 8:29 p.m. | 33 views

PYSEC-2019-214

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

CVSS: 4.8 | AI score: 3.2 | EPSS: 0.02767
Exploits: 0 | References: 4

Cvelist
added 2019/04/10 7:52 p.m. | 20 views

CVE-2019-0216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

AI score: 5.5 | EPSS: 0.02767
Exploits: 0 | References: 3

Prion
added 2019/04/09 8:30 p.m. | 20 views

Design/Logic Flaw

The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings...

CVSS: 3.5 | AI score: 5.3 | EPSS: 0.00622
Exploits: 0 | References: 1 | Affected Software: 1

Node.js
added 2019/04/09 6:42 p.m. | 18 views

Cross-Site Scripting

Overview: All versions of harp are vulnerable to Cross-Site Scripting. In the admin page it is possible to inject arbitrary JavaScript as a new product option, allowing attackers to execute arbitrary code. This is limited to the admin page and does not affect other pages. Recommendation: No fix is...

AI score: 7.3
Exploits: 0 | Affected Software: 1

Veracode
added 2019/04/09 7:30 a.m. | 20 views

Cross-Site Scripting (XSS)

simple-markdown is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via Data or VBScript URIs, e.g. data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGknKTwvc2NyaXB0Pg==...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.01274
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2019/04/09 5:29 a.m. | 17 views

CVE-2019-10634

An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.00837
Exploits: 1 | References: 1

Github Security Blog
added 2019/04/08 3:18 p.m. | 21 views

Cross-Site Scripting in buttle

All versions of buttle are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consider using a...

CVSS: 6.1 | AI score: 5.2 | EPSS: 0.01172
Exploits: 0 | References: 6 | Affected Software: 1

OpenVAS
added 2019/04/08 12:0 a.m. | 27 views

SuiteCRM 7.x <= 7.8.23 and 7.10.x <= 7.10.10 XSS Vulnerability

SuiteCRM is prone to a cross-site scripting (XSS) vulnerability.

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00571
Exploits: 0 | References: 2

OSV
added 2019/04/06 8:29 p.m. | 21 views

CVE-2019-10905

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

CVSS: 8.1 | AI score: 7.2
Exploits: 0 | References: 2

Cvelist
added 2019/04/06 7:59 p.m. | 31 views

CVE-2019-10905

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

AI score: 8 | EPSS: 0.01469
Exploits: 1 | References: 2

BDU FSTEC
added 2019/04/04 12:0 a.m. | 3 views

A Google Chrome browser vulnerability related to improper input validation allows a malicious actor to execute JavaScript code from an arbitrary source.

The vulnerability of Google Chrome relates to errors in handling redirects for URLs that are not allowed. Exploiting this vulnerability allows a malicious actor to execute JavaScript code from an arbitrary source, using a specially created HTML page...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.01386
Exploits: 0 | References: 3 | Affected Software: 2

OSV
added 2019/04/03 2:29 p.m. | 1 views

CVE-2018-1731

IBM DOORS Next Generation DNG/RRC 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS: 4.8 | AI score: 5.4 | EPSS: 0.00939
Exploits: 0 | References: 3