CVE-2019-8233

In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments...

CVE-2019-8146

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores...

CVE-2019-8138

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...

CVE-2019-8138

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...

Cross site scripting

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores...

Cross site scripting

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...

Code injection

in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template...

Magento cross-site scripting vulnerability (CNVD-2019-40836)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. A security vulnerability exists in Magento versions prior to 1.9.4.3 and 1.14.4.3. An attacker can exploit the...

CVE-2019-8138

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...

CVE-2019-8120

A stored cross-site scripting XSS vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address...

CVE-2019-18667

/usr/local/www/freeradiusviewconfig.php in the freeradius3 package before 0.15.73 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser...

CVE-2019-12417

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

CVE-2019-12417

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

PYSEC-2019-216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

PYSEC-2019-216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

CVE-2011-0428

Cross Site Scripting XSS in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments...

CVE-2011-0428

Cross Site Scripting XSS in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments...

CVE-2011-0428

CVE-2011-0428 describes a Cross Site Scripting (XSS) vulnerability in ikiwiki prior to version 3.20110122 due to insufficient input validation in comments. The impact is arbitrary JavaScript execution by remote attackers, enabled by mal‑formed comments. Affected software is ikiwiki; the root caus...

Cross-Site Scripting (XSS)

angular is vulnerable to cross-site scripting XSS. There is no $sce protection against linkhref, which would allow a remote attacker to inject arbitrary Javascript into a victim's browser via RESOURCEURL...

CVE-2019-10475

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin...