Cross site scripting
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View...
CVE-2019-0216
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views...
Code injection
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views...
PYSEC-2019-214
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views...
Design/Logic Flaw
The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings...
Cross-Site Scripting
Overview: All versions of harp are vulnerable to Cross-Site Scripting. In the admin page it is possible to inject arbitrary JavaScript as a new product option, allowing attackers to execute arbitrary code. This is limited to the admin page and does not affect other pages. Recommendation: No fix is...
Cross-Site Scripting (XSS)
simple-markdown is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via Data or VBScript URIs, e.g. data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGknKTwvc2NyaXB0Pg==...
CVE-2019-10634
An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields...
Cross-Site Scripting in buttle
All versions of buttle are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consider using a...
SuiteCRM 7.x <= 7.8.23 and 7.10.x <= 7.10.10 XSS Vulnerability
SuiteCRM is prone to a cross-site scripting (XSS) vulnerability.
CVE-2019-10905
Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...
CVE-2018-1731
IBM DOORS Next Generation DNG/RRC 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted...
CVE-2018-1913
IBM DOORS Next Generation DNG/RRC 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted...
Cross site scripting
Wolf CMS v0.8.3.1 is affected by cross-site scripting (XSS) in the module Add Snippet /?/admin/snippet/add. This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded...
CVE-2019-10646
Wolf CMS v0.8.3.1 is affected by cross-site scripting (XSS) in the module Add Snippet /?/admin/snippet/add. This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded...
CVE-2019-1003042
A cross-site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...