CVE-2019-10475

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin...

Cross site scripting

In NCH Express Accounts Accounting v7.02, persistent cross site scripting XSS exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript...

CVE-2019-16282

In NCH Express Invoice v7.12, persistent cross site scripting XSS exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript...

Cross-Site Scripting (XSS)

hotarucms/hotarucms is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser by storing malicious Javascript code in the sitename parameter. This CVE ID is related to CVE-2011-4709...

CVE-2019-1003042

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...

Quantopian: Stored cross-site scripting in dataset owner.

Hi again. Another XSS this time. Summary: Unescaped chars in 'dataset owner' could be abused to store arbitrary javascript. Description: There is a 'dataset owner' field in new 'custom dataset dashboard' which contains unsanitized output. If attacker would modify his name, like first name '', the...

CVE-2019-4564

IBM Security Key Lifecycle Manager (SKLM) is affected by CVE-2019-4564 across versions 2.6–3.0.1. The vulnerability is a cross-site scripting flaw that lets an attacker embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected produ...

Cross site scripting

A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers...

Cross-Site Scripting (XSS)

dolibarr/dolibarr is vulnerable to cross-site scripting XSS. The vulnerability exists due to the use of alpha instead of nohtml in card.php, allowing a remote attacker to inject arbitrary Javascript into a victim's browser via the job parameter...

CVE-2019-4494

IBM Jazz Reporting Service JRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

Cross-Site Scripting (XSS)

no-vnc is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript ito a victim's browser via messages propagated to the status field such as the VNC server name...

PT-2019-17108 · Ibm · Ibm Jazz Reporting Service

Name of the Vulnerable Software and Affected Versions: IBM Jazz Reporting Service JRS versions 6.0 through 6.0.6.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

PT-2019-17107 · Ibm · Ibm Jazz Reporting Service

Name of the Vulnerable Software and Affected Versions: IBM Jazz Reporting Service JRS versions 6.0 through 6.0.6.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

GHSA-6M4R-CGM3-6Q7Q Cross-Site Scripting in status-board

All versions of status-board are vulnerable to Cross-Site Scripting. The renderJsDashboard function concatenates the safeDashboard variable to the HTTP response message with insufficient sanitization. If this variable is controlled by user input it may allow attackers to execute arbitrary...

Status Board vulnerable to Cross-Site Scripting before v1.1.82

Versions of status-board prior to 1.1.82 are vulnerable to Cross-Site Scripting. The renderDashboard function concatenates the safeDashboard variable to the printed error message with insufficient sanitization. If this variable is controlled by user input it allows attackers to execute arbitrary...

CVE-2019-4342

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421...

PT-2019-17043 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.0 through 11.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...

Cross-Site Scripting

Overview All versions of snekserve are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available...

Cross-Site Scripting

Overview Versions of vant prior to 2.1.8 are vulnerable to Cross-Site Scripting. The text value of the Picker component column is not sanitized, which may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 2.1.8 or later. References - GitHub...

Cross site scripting

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...