Cross-Site Scripting (XSS) in PAN-OS Management Web Interface

A Cross-Site Scripting XSS vulnerability exists in the PAN-OS session browser. Ref. PAN-93244; CVE-2018-9335 Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. An attacker would need to successfully authenticate prior to exploiting this issue. This...

Galaxy server cross-site scripting vulnerability

Galaxy is a web-based open source system for accessing, reproducing, and analyzing biomedicine. galaxy server is one of the servers. A cross-site scripting vulnerability exists in multiple templates of the Galaxy server in Galaxy version 14.10, which stems from the program failing to properly...

DEBIAN-CVE-2018-1000557

OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting XSS vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary javascript code within a victims' browser. This attack appear to be exploitable via Victim mus...

Cross site scripting

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting XSS attacks. In this form of attack,...

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manger FastBack for Workstations) Central Administration Console (CVE-2017-1380, CVE-2017-1381)

Summary Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations formerly Tivoli Storage Manager FastBack for Workstations Central Administration Console can allow users to embed arbitrary JavaScript code in the Web UI or allow a local attacker to obtain...

Security Bulletin: Cross-site Scripting vulnerabilities affect IBM Rational products based on IBM Jazz technology

Summary Potential Cross-site scripting vulnerabilities affect the following IBM Rational Products: Rational Engineering Lifecycle Manager RELM, Rational Rhapsody Design Manager Rhapsody DM Vulnerability Details CVEID: CVE-2016-8975 DESCRIPTION: IBM Rhapsody DM and IBM Rational Engineering Lifecyc...

html-janitor cross-site scripting vulnerability

html-janitor is a module for controlling, cleaning up HTML. A cross-site scripting vulnerability exists in html-janitor. A remote attacker can exploit this vulnerability by sending attacker-controlled data to the 'clean' function to execute arbitrary JavaScript code...

CVE-2018-12090

There is unauthenticated reflected cross-site scripting XSS in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...

Cross site scripting

There is unauthenticated reflected cross-site scripting XSS in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...

Samsung Email EML File Parsing Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of EML...

Cross-site Scripting (XSS)

groovy-postbuild is vulnerable to cross-site scripting XSS attacks. The library does not escape user input for badge content, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-Site Scripting (XSS)

bootstrap is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the parent option in collapse.js, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-site Scripting (XSS)

bootstrap is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the data-container variable in tooltip.js, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through HTML links on the dashboard...

Cross-site Scripting (XSS)

textAngular is vulnerable to cross-site scripting XSS attacks. The application does not properly sanitize the Text Editor, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-Site Scripting in @risingstack/protect

All versions of @risingstack/protect are vulnerable to Cross-Site Scripting. The isXss XSS validator has several bypasses that may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation No fix is currently available. Consider using an alternative package. The packag...

CVE-2018-7932

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the sma...

Security Advisory - Two Vulnerabilities in APPGallery of Huawei Smart Phones

There is a whitelist mechanism bypass vulnerability and an arbitrary Javascript running vulnerability in Huawei AppGallery. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious...

Tenable Appliance vulnerable to cross-site scripting

Overview Tenable Appliance provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Wordpress Activity Log 2.4.0 Plugin - Stored Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Exploit Author : Stefan Broeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version: 2.4.0 CVE : CVE-2018-8729...