451 matches found
XSS Vulnerability in Tongda OA Government Edition
Tongda OA is a collaborative office automation software. An XSS vulnerability exists in Tongda OA Government Edition. The vulnerability stems from the lack of proper validation of client data in the web application, which can be exploited by remote attackers to inject arbitrary web scripts or HTM...
Hackers steal sensitive client data in Israeli insurance firm data breach
By Deeba Ahmed. BlackShadow hackers took responsibility for the attack and leaked data belonging to Shirbit's customers online. This is a post from HackRead.com.
BookStack cross-site scripting vulnerability (CNVD-2020-63954)
BookStack is an open source wiki documentation platform built by the BookStackApp team using PHP and Laravel. A cross-site scripting vulnerability exists in versions prior to BookStack 0.30.4, which stems from a lack of proper validation of client-side data by the web application. The...
Cross site scripting
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the web module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...
WordPress cm-download-manager cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress cm-download-manager versions prior to 2.8.0. The...
blinger Blinger.io Cross-Site Scripting Vulnerability
blinger Blinger.io is a web platform from the Russian company blinger. Companies use it to communicate with their customers. A cross-site scripting vulnerability exists in Blinger.io version v.1.0.2519, which stems from the lack of proper validation of client data by the web application, an...
Untis WebUntis Cross-Site Scripting Vulnerability
Untis WebUntis is a tool from an individual developer that schools use to publish electronic timetables for students and the like. A cross-site scripting vulnerability exists in Untis WebUntis versions prior to 2020.9.6, which stems from a lack of proper validation of client-side data by the web application. An...
Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack
Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but the...
Fortinet FortiAnalyzer Cross-Site Scripting Vulnerability (CNVD-2020-53812)
Fortinet FortiAnalyzer is a centralized network security reporting solution from the U.S. company Fortinet. The product is mainly used to collect network log data and, through its reporting suite covering the security events, network traffic, web content, etc. in the logs, to analyze, report,...
Gradle Enterprise Cross-Site Scripting Vulnerability
Gradle is a JVM-based project build tool that supports Maven and Ivy repositories, among others. A cross-site scripting vulnerability exists in Gradle Enterprise versions 2020.2 through 2020.2.4. The vulnerability stems from the lack of proper validation of client-side data by the web application...
Gazie Cross-Site Scripting Vulnerability
Gazie is a financial application based on PHP and MySQL. The program supports features such as invoice management, inventory management and order management. A cross-site scripting vulnerability exists in Gazie version 7.29, which originates from an improper validation of client-side data by...
SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java XML Forms versions 7.30, 7.31, 7.40, 7.50, which arises from a lack of proper validation of client-side data in the web application. An...
DBHcms Cross-Site Scripting Vulnerability (CNVD-2020-52191)
DBHcms is a small open source PHP content management system. It is suitable for personal and small business websites. A cross-site scripting vulnerability exists in DBHcms version 1.2.0, which stems from the web application's lack of proper validation of client-side data. An...
Rust Cross-Site Scripting Vulnerability
Rust is a general-purpose, compiled programming language. A cross-site scripting vulnerability exists in versions of the rgb crate prior to 0.8.20, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to read and write data i...
Carson & SAINT SAINT Security Suite Cross-Site Scripting Vulnerability (CNVD-2020-47571)
Carson & SAINT SAINT Security Suite is a security suite from the U.S. company Carson & SAINT that provides vulnerability management, security configuration assessment, penetration testing and other functions. A cross-site scripting vulnerability exists in the Credential Manager component of Carson & SAINT SAI...
Atlassian Jira Gantt-Chart Cross-Site Scripting Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. Gantt-Chart is a project management module for tracking and managing all types of issues and defects in the workplace. A cross-site scripting vulnerability exists in Atlassian Jira Gantt-Chart versions prior to 5.5.5...
WordPress WooCommerce Subscriptions Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WooCommerce Subscriptions is a subscription plugin used in it. A cross-site scripting vulnerability exists in WordPress...
CVE-2019-17638
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
Pulse Secure Pulse Connect Secure Cross-Site Scripting Vulnerability
Pulse Secure Pulse Connect Secure (a.k.a. PCS, formerly known as Juniper Junos Pulse) is a suite of SSL VPN solutions from Pulse Secure in the United States. A cross-site scripting vulnerability exists in versions of Pulse Secure PCS prior to 9.1R8. The vulnerability stems from the lack of proper...
Pulse Secure Pulse Connect Secure and Pulse Policy Secure Cross-Site Scripting Vulnerabilities
Pulse Secure Pulse Connect Secure (a.k.a. PCS, formerly known as Juniper Junos Pulse) and Pulse Policy Secure are both products of Pulse Secure, Inc. Pulse Connect Secure is an SSL VPN solution. Pulse Policy Secure is a network access control solution...