3221 matches found

CNVD
added 2018/06/15 12:0 a.m., 1 view

html-janitor cross-site scripting vulnerability

html-janitor is a module for controlling and cleaning up HTML. A cross-site scripting vulnerability exists in html-janitor. A remote attacker can exploit this vulnerability by sending attacker-controlled data to the 'clean' function to execute arbitrary JavaScript code...

CVSS 6.1, AI score 6.2, EPSS 0.0022
Exploits 1, References 1
Prion
added 2018/06/11 10:29 a.m., 9 views

Cross site scripting

There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...

CVSS 4.3, AI score 6.2, EPSS 0.0068
Exploits 3, References 2, Affected Software 1
NVD
added 2018/06/11 10:29 a.m., 9 views

CVE-2018-12090

There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...

CVSS 6.1, AI score 6.2, EPSS 0.0068
Exploits 3, References 2
Zero Day Initiative
added 2018/06/07 12:0 a.m., 21 views

Samsung Email EML File Parsing Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of EML...

CVSS 4.4, AI score 3.9, EPSS 0.00056
Exploits 0
Veracode
added 2018/06/06 6:12 a.m., 11 views

Cross-site Scripting (XSS)

groovy-postbuild is vulnerable to cross-site scripting (XSS) attacks. The library does not escape user input for badge content, allowing a malicious user to inject and execute arbitrary JavaScript...

CVSS 5.4, AI score 5.4, EPSS 0.00058
Exploits 0, References 2, Affected Software 1
Veracode
added 2018/06/04 9:1 a.m., 12 views

Cross-Site Scripting (XSS)

bootstrap is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the parent option in collapse.js, allowing a malicious user to inject and execute arbitrary JavaScript...

AI score 6.1
Exploits 0
Veracode
added 2018/05/31 4:13 a.m., 45 views

Cross-site Scripting (XSS)

bootstrap is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the data-container variable in tooltip.js, allowing a malicious user to inject and execute arbitrary JavaScript...

CVSS 6.1, AI score 5.8, EPSS 0.02281
Exploits 1, References 24, Affected Software 6
Veracode
added 2018/05/07 8:4 a.m., 25 views

Cross-site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript through HTML links on the dashboard...

CVSS 6.1, AI score 5.9, EPSS 0.00675
Exploits 1, References 3, Affected Software 4
Veracode
added 2018/05/03 2:58 a.m., 7 views

Cross-site Scripting (XSS)

textAngular is vulnerable to cross-site scripting (XSS) attacks. The application does not properly sanitize the Text Editor, allowing a malicious user to inject and execute arbitrary JavaScript...

AI score 6.1
Exploits 0
Github Security Blog
added 2018/04/25 2:30 p.m., 21 views

Cross-Site Scripting in @risingstack/protect

All versions of @risingstack/protect are vulnerable to Cross-Site Scripting. The isXss XSS validator has several bypasses that may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation: No fix is currently available. Consider using an alternative package. The packag...

CVSS 6.1, AI score 5.2, EPSS 0.0029
Exploits 1, References 7, Affected Software 1
Cvelist
added 2018/04/24 3:0 p.m., 9 views

CVE-2018-7932

Huawei AppGallery versions before 8.0.4.301 have an arbitrary JavaScript running vulnerability. An attacker may set up a malicious network environment and trick a user into accessing a malicious web page to bypass the whitelist mechanism, which makes the malicious JavaScript loaded and run in the sma...

AI score 8.7, EPSS 0.00074
Exploits 0, References 1
Huawei
added 2018/04/23 12:0 a.m., 42 views

Security Advisory - Two Vulnerabilities in APPGallery of Huawei Smart Phones

There is a whitelist mechanism bypass vulnerability and an arbitrary JavaScript running vulnerability in Huawei AppGallery. An attacker may set up a malicious network environment and trick a user into accessing a malicious web page to bypass the whitelist mechanism, which makes the malicious...

CVSS 8.8, AI score 5.5, EPSS 0.00119
Exploits 0, Affected Software 1
Japan Vulnerability Notes
added 2018/04/12 5:33 a.m., 2 views

Tenable Appliance vulnerable to cross-site scripting

Overview: Tenable Appliance provided by Tenable, Inc. contains a stored cross-site scripting vulnerability (CWE-79). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

CVSS 5.4, AI score 5.8, EPSS 0.00288
Exploits 0, References 5
0day.today
added 2018/04/11 12:0 a.m., 31 views

Wordpress Activity Log 2.4.0 Plugin - Stored Cross Site Scripting Vulnerability

Exploit for php platform in category web applications. Exploit Title: Activity Log Wordpress Plugin Stored Cross Site Scripting (XSS); Exploit Author: Stefan Broeder; Vendor Homepage: https://pojo.me; Software Link: https://wordpress.org/plugins/aryo-activity-log/; Version: 2.4.0; CVE: CVE-2018-8729...

CVSS 4.3, EPSS 0.03257
Exploits 7
Symantec
added 2018/04/10 8:0 a.m., 40 views

SA162: Multiple ASG and ProxySG Vulnerabilities

SUMMARY: The Symantec ASG and ProxySG management consoles are susceptible to several vulnerabilities. A remote attacker, with access to the management console, can cause denial of service through management console application crashes. A malicious appliance administrator can also inject arbitrary...

CVSS 6, AI score 1.4, EPSS 0.10463
Exploits 2, Affected Software 2
Prion
added 2018/04/04 7:29 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

CVSS 3.5, AI score 5.4, EPSS 0.00143
Exploits 5, References 1, Affected Software 1
CNVD
added 2018/03/21 12:0 a.m., 1 view

enhavo cross-site scripting vulnerability

enhavo is an open source content management system (CMS) written in PHP and based on the Symfony framework. A cross-site scripting vulnerability exists in enhavo version 0.4.0. A remote attacker can exploit this vulnerability to inject and execute arbitrary JavaScript code...

CVSS 4.8, AI score 6.7, EPSS 0.00235
Exploits 0, References 1
Prion
added 2018/03/15 5:29 p.m., 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...

CVSS 4.3, AI score 6, EPSS 0.03257
Exploits 7, References 5, Affected Software 1
OSV
added 2018/03/13 8:38 p.m., 14 views

GHSA-82GW-PQF7-Q3J2 pym.js CSRF Vulnerability

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSRF) vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 can result in Arbitrary javascript code execution. This attack appears to be...

CVSS 8.8, AI score 9, EPSS 0.00296
Exploits 0, References 6
Github Security Blog
added 2018/03/13 8:38 p.m., 64 views

pym.js CSRF Vulnerability

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSRF) vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 can result in Arbitrary javascript code execution. This attack appears to be...

CVSS 8.8, AI score 8.8, EPSS 0.00296
Exploits 0, References 6, Affected Software 1