3237 matches found

CNNVD
added 2020/12/11 12:0 a.m. | 4 views

OpenAsset Digital Asset Management software Cross-Site Scripting Vulnerability

OpenAsset is digital asset management software for the website building industry from OpenAsset UK. A cross-site scripting vulnerability in the OpenAsset Digital Asset Management software allows remote attackers to inject arbitrary JavaScript or HTML via...

CVSS 6.1 | AI score 6.4 | EPSS 0.0024
Exploits: 1 | References: 4
CNNVD
added 2020/12/08 12:0 a.m. | 2 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 9 | AI score 7.4 | EPSS 0.00443
Exploits: 0 | References: 4
Veracode
added 2020/12/06 4:19 a.m. | 28 views

Cross-Site Scripting (XSS)

MediaWiki is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary JavaScript in a user's browser by creating a message with javascript:payload xss as a jQuery object with mw.message.parse...

CVSS 6.1 | AI score 3.5 | EPSS 0.00336
Exploits: 0 | References: 6 | Affected Software: 1
Veracode
added 2020/12/06 3:20 a.m. | 23 views

Cross-Site Scripting (XSS)

WordPress is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via post slugs...

CVSS 6.1 | AI score 4.4 | EPSS 0.176
Exploits: 0 | References: 11 | Affected Software: 1
WPVulnDB
added 2020/12/04 12:0 a.m. | 14 views

Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting

Stored Cross-Site Scripting vulnerabilities in Themify Portfolio Post = 1.1.5 allow low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded. PoC: 1. As a contributor, go into "Portfolios" tab from the sidebar and create a ne...

AI score 0.8 | EPSS 0.00162
Exploits: 2 | References: 1 | Affected Software: 1
OSV
added 2020/12/03 5:15 p.m. | 0 views

DEBIAN-CVE-2020-27783

An XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code...

CVSS 6.1 | AI score 6.5 | EPSS 0.01246
Exploits: 1 | References: 1
RedHat Linux
added 2020/11/24 1:10 p.m. | 0 views

nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. This issue is used to...

CVSS 8.1 | AI score 7.7 | EPSS 0.00343
Exploits: 1 | References: 6
CNVD
added 2020/11/24 12:0 a.m. | 1 views

IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2020-68256)

IBM Jazz Reporting Service (JRS) is a suite of ready-to-use reporting components from IBM in the United States. The product includes features such as report generation, data collection and lifecycle queries. IBM Jazz Reporting Service has a security vulnerability that makes it susceptible to stored...

CVSS 6.4 | AI score 6.6 | EPSS 0.0017
Exploits: 0 | References: 1
CNNVD
added 2020/11/23 12:0 a.m. | 2 views

Bugventure Jsen Security Breach

Bugventure Jsen is a JS package for verifying JSON objects from the individual developer Bugventure. A security vulnerability exists in jsen that can be exploited by an attacker to take control of a schema file, which can then be used to run arbitrary JavaScript code on the victim machine...

CVSS 7.2 | AI score 7.3 | EPSS 0.0098
Exploits: 1 | References: 3
Veracode
added 2020/11/20 9:57 a.m. | 17 views

Cross-Site Scripting (XSS)

Firefox is vulnerable to cross-site scripting (XSS). Removing HTML elements during sanitization would keep existing SVG event handlers, allowing an attacker to subsequently execute arbitrary JavaScript in a user's browser...

CVSS 6.1 | AI score 3.2 | EPSS 0.00331
Exploits: 0 | References: 5 | Affected Software: 8
Prion
added 2020/11/17 9:15 p.m. | 25 views

Cross site scripting

Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'...

CVSS 4.3 | AI score 5.8 | EPSS 0.00328
Exploits: 1 | References: 2 | Affected Software: 1
Veracode
added 2020/11/17 5:16 a.m. | 15 views

Cross-Site Scripting (XSS)

prestashop/productcomments is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via various parameters within the application. The vulnerability exists as the content-type of the server response is not set to...

CVSS 8.7 | AI score 4.6 | EPSS 0.00305
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2020/11/16 4:51 p.m. | 16 views

Cross-Site Scripting (XSS)

handsontable is vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize HTML before displaying it in a user's browser, allowing an attacker to insert and execute arbitrary JavaScript via the built-in functionalities...

AI score 2.2
Exploits: 0
Veracode
added 2020/11/16 4:12 p.m. | 6 views

Cross-Site Scripting (XSS)

jinja2 is vulnerable to Cross Site Scripting. An attacker is able to inject and execute arbitrary JavaScript through the gettext and ngettext functions due to the lack of output sanitization...

AI score 2.4
Exploits: 0
Veracode
added 2020/11/13 5:49 a.m. | 24 views

Cross-Site Scripting (XSS)

ckeditor4 is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the Color History feature...

CVSS 6.1 | AI score 4.1 | EPSS 0.01007
Exploits: 0 | References: 6 | Affected Software: 2
OpenVAS
added 2020/11/13 12:0 a.m. | 19 views

Cacti < 1.2.14 XSS Vulnerability - Linux

Cacti is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.1 | AI score 7.4 | EPSS 0.01458
Exploits: 1 | References: 1
Hacker One
added 2020/11/12 10:41 p.m. | 11 views

U.S. Dept Of Defense: Reflected Xss in [██████]

Description: Reflected XSS in █████████ due to unsanitized single quote '. Impact An attacker could execute arbitrary javascript, and perform malicious actions ! Step-by-step Reproduction Instructions 1. Used payload: simo%27onfocus=%27confirmdocument.domain%27name=%27simo%27simo 2. Visit the url...

AI score 0.7
Exploits: 0
NCSC
added 2020/11/11 12:0 a.m. | 4 views

Vulnerabilities fixed in Adobe Connect

Adobe has fixed two vulnerabilities in Adobe Connect. A malicious party can use these vulnerabilities to launch a cross-site scripting (XSS) attack, thus running arbitrary JavaScript code with the victim's privileges. Adobe has released updates to fix the vulnerabilities in Connect 11.0.5. For...

CVSS 6.1 | AI score 6.6 | EPSS 0.01469
Exploits: 0
OSV
added 2020/11/05 8:15 p.m. | 2 views

CVE-2020-24432

Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier and Adobe Acrobat Pro DC 2017.011.30175 and earlier are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the...

CVSS 7.8 | AI score 7.5
Exploits: 0 | References: 1
CNVD
added 2020/11/04 12:0 a.m. | 2 views

Adobe Acrobat and Reader Improper Input Validation Vulnerability

Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader (also known as Acrobat Reader) is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have an improper input validation vulnerability. An attacker can exploit this vulnerability to achieve arbitrary JavaScript...

CVSS 7.8 | AI score 7 | EPSS 0.08873
Exploits: 0 | References: 1