The vulnerability of the web interface of the microprogramming software for Pelco cameras, models Sarix Enhanced and Spectra Enhanced, allows a intruder to execute any JavaScript code in the user’s browser.

The vulnerability of the web interfaces of Pelco Sarix Enhanced and Spectra Enhanced microprogramming systems lies in the insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser...

Cross-Site Scripting (XSS)

bolt/bolt is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the title and slug parameters in a POST request to /bolt/editcontent/pages...

PT-2019-16845 · Ibm · Ibm Sterling B2B Integrator

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 5.2.0.1 through 6.0.0.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

PT-2019-16847 · Ibm · Ibm Sterling B2B Integrator

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 5.2.0.1 through 6.0.0.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

CVE-2019-8279

Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum...

Cross site scripting

Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum...

CVE-2019-8279

Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum...

CVE-2019-8279

CVE-2019-8279 is a vulnerability in Vanilla Forums prior to 2.5 identified as multiple stored XSS in forum messages. The underlying issue is that arbitrary JavaScript could be injected into messages, enabling remote attackers to execute code in a user’s browser. The connected documents confirm th...

CVE-2018-20244

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

PYSEC-2019-142

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

The vulnerability of the Cisco Jabber Client Framework software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to execute any JavaScript script they desire.

The vulnerability of the Cisco Jabber Client Framework exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute any arbitrary JavaScript script remotely...

Starbucks: Reflected XSS in https://www.starbucks.co.jp/store/search/

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Please indicate NA, if not applicable. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling...

Cross-Site Scripting (XSS)

moodle/moodle is vulnerable to cross-site scripting XSS. The user's full name is not escaped before displaying on a user's browser, allowing a remote attacker to inject arbitrary Javascript into a victim's browser through the title parameter...

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

Cross site scripting

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

Cross site scripting

An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code via SCRIPT elements, event handlers, etc.. Since this code...

CVE-2019-7250

The CVE-2019-7250 issue affects the Cross Reference Add-on 36 for Google Docs. The vulnerability is a Stored XSS flaw in the plugin’s configuration panel preview boxes, where crafted label and references text can inject JavaScript code (via SCRIPT elements, event handlers, etc.). The stored paylo...