CVE-2020-9055 Versiant Lynx Customer Service Portal version 3.5.2 is vulnerable to stored cross-site scripting, which may allow an attacker to execute arbitrary JavaScript

Versiant LYNX Customer Service Portal CSP, version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or...

Cross-Site Scripting

Overview Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting XSS. The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser...

Apple Mac OS X Security Update (HT211100 - 04)

Apple Mac OS X is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Apple macOS Catalina Mail component xss vulnerability

Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in the Mail component of Apple macOS Catalina versions prior to 10.15.4. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code...

Cross-site Scripting (XSS)

resteasy-jaxrs is vulnerable to cross-site scripting XSS. The vulnerability exists due to the lack of sanitization of the value of strVal, allowing RESTEASY003870 exceptions be used to execute arbitrary Javascript in a user's browser...

CVE-2019-4718

IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123...

Security Bulletin: IBM Jazz for Service Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI ( CVE-2019-4717)

Summary IBM Jazz for Service Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI CVE-2019-4717 Vulnerability Details CVEID: CVE-2019-4717 DESCRIPTION: IBM Jazz for Service Management is vulnerable to cross-site...

Cross-site Scripting (XSS)

actionview is vulnerable to cross-site scripting XSS. Inadequate sanitization and escaping of special characters such as dollar signs and backticks allows an attacker to inject and execute arbitrary Javascript in a user's browser via the j or javascriptescape helper...

Custom Post Type UI < 1.7.4 - CSRF to Stored XSS

The Custom Post Type UI WordPress plugin was vulnerable to Cross-Site Request Forgery CSRF and Stored Cross-Site Scripting XSS within the "Import Post Types" functionality in the "Tools" tab. This functionality allows users to import "Post Types" from other websites, or from backup, as JSON. This...

CVE-2020-10196

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several o...

Cross site scripting

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several o...

CVE-2020-10196

CVE-2020-10196 affects the WordPress plugin Popup Builder (versions before 3.64.1). A stored XSS flaw exists in an unsecured AJAX action (com/classes/Ajax.php) where an unauthenticated attacker can POST to wp-admin/admin-ajax.php with action sgpb_autosave and an allPopupData payload (including th...

CVE-2020-9371

Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabcappointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML...

CVE-2019-19222

A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...

Cross site scripting

A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...

Cross-site Scripting (XSS)

Cross-Origin Resource Sharing CORS Filter is vulnerable to cross-site scripting XSS attacks. The vulnerability exists because the returned exception messages in 'CORSOriginDeniedException' reflects the origin in the request header allowing an attacker to inject and execute arbitrary Javascript to...

CVE-2020-9371

Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabcappointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. Recent assessments: kevthehermit at March 05, 2020 10:29am UTC reported: This plugin i...

Cross site scripting

Multiple Stored Cross-site scripting XSS vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users with minimal permissions to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mecsavenotifications and...

CVE-2020-9334

A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...

CVE-2020-9335

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...