3221 matches found
Cross-Site Scripting (XSS)
Apache JSPWiki is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser through a malicious attachment via the AttachmentTab to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
Apache JSPWiki is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via a malicious InterWiki link to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
Apache JSPWiki is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the ReferredPagesPlugin and navigation breadcrumbs to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
foreman is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser by creating a malicious entity that executes upon the display of the success notification...
Cross-site Scripting (XSS)
mermaid is vulnerable to cross-site scripting. Due to improper output encoding, a malicious input such as A"" can be provided to the application, allowing a remote attacker to execute arbitrary JavaScript in the victim's browser...
Cross-Site Scripting (XSS)
getkirby/kirby is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the Title of the "Site options" in the admin panel dashboard dropdown...
Cross-Site Scripting (XSS)
angular-froala is vulnerable to cross-site scripting (XSS). The ngModel.$isEmpty function allows a remote attacker to inject arbitrary JavaScript into a victim's browser since it bypasses the native froala security cleaning method by executing the content of value with the jQuery function...
Cross-Site Scripting (XSS)
getkirby/kirby is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the title of a new page...
CVE-2019-1568
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML...
Cross-Site Scripting (XSS)
Red Hat Satellite 5 is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to pass malicious input via the parameters in admin/BunchDetail.do and software/packages/NameOverview.do, with the intention of executing arbitrary JavaScript code in the victim's browser...
Cross-site Scripting (XSS)
jenkins is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
Cross-site Scripting (XSS)
jenkins is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
F5 Networks BIG-IP : NodeJS vulnerability (K37111863)
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...
PT-2019-16885 · Ibm · Ibm Sterling B2B Integrator Standard Edition
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.0.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
PT-2019-16851 · Ibm · Ibm Content Navigator
Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 2.0.3 through 3.0CD Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
Cross-site Scripting (XSS)
jetty-util is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because the directory listing does not encode characters in UTF-8, allowing a remote attacker to inject arbitrary JavaScript into a victim's browser through Unicode characters...
KingComposer - Authenticated Stored XSS
A user with Contributor or Author privileges can inject arbitrary JavaScript code in a KC section. When an admin or editor opens the malicious KC section, the arbitrary JS code runs...
Cross-Site Scripting
Overview: All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation: No fix is currently...
Apache Airflow vulnerable to Stored XSS
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views...