553 matches found

RedhatCVE
added 2025/05/23 2:49 a.m. · 2 views

CVE-2023-30187

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

CVSS 9.8 · AI score 7.6 · EPSS 0.02334
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 6:39 p.m. · 3 views

CVE-2021-36535

Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjsseterrorf...

CVSS 5.5 · AI score 6.9 · EPSS 0.00133
Exploits: 1

RedhatCVE
added 2025/05/22 3:25 p.m. · 4 views

CVE-2020-27449

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

CVSS 6.1 · AI score 6.5 · EPSS 0.01385
Exploits: 0

RedhatCVE
added 2025/05/22 8:18 a.m. · 3 views

CVE-2019-14427

XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code...

CVSS 6.1 · AI score 5.9 · EPSS 0.00211
Exploits: 5 · References: 1

RedhatCVE
added 2025/05/22 7:42 a.m. · 4 views

CVE-2019-1010162

jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function JsiStrcmpDict jsiChar.c:121. The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77...

CVSS 5.5 · AI score 7.1 · EPSS 0.00164
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 7:19 a.m. · 2 views

CVE-2018-1000655

Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsiValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in...

CVSS 6.5 · AI score 6.9 · EPSS 0.00317
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 6:37 a.m. · 3 views

CVE-2018-1000663

jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function jsievalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code...

CVSS 6.5 · AI score 7 · EPSS 0.00401
Exploits: 0 · References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2015-1209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in...

CVSS 7.5 · AI score 8.4 · EPSS 0.01388
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/18 12:0 a.m. · 1 views

PT-2024-10303 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2024.3.0.26795 Description: A use-after-free vulnerability exists in the way Foxit Reader handles a 3D page object. This can be triggered by a specially crafted Javascript code inside a malicious PDF document, leading to...

CVSS 10 · AI score 8.4 · EPSS 0.00137
Exploits: 1 · References: 17

Positive Technologies
added 2024/09/30 12:0 a.m. · 1 views

PT-2024-22628 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2024.1.0.23997 Description: A use-after-free vulnerability exists in the way Foxit Reader handles a checkbox field object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability...

CVSS 8.8 · AI score 8.2 · EPSS 0.04084
Exploits: 1 · References: 21

Vulnrichment
added 2024/06/10 12:0 a.m. · 13 views

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...

AI score 5.3 · EPSS 0.0034
Exploits: 1 · References: 1

Vulnrichment
added 2024/02/21 1:16 a.m. · 11 views

CVE-2024-25147

Cross-site scripting XSS vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML v...

CVSS 9.6 · AI score 5.9 · EPSS 0.00147
Exploits: 0 · References: 1

CNNVD
added 2024/01/15 12:0 a.m. · 1 views

Mainway FireEye EX Cross-Site Scripting Vulnerability

Mainway FireEye EX is an all-in-one platform for enterprise security from Mainway, a China-based company. the FireEye® Central Management Platforms CM Series are a set of management platforms that consolidate the management, reporting, and data sharing of FireEye products into a single, easily...

CVSS 6.1 · AI score 6 · EPSS 0.00109
Exploits: 0 · References: 2

OSV
added 2023/12/13 10:15 a.m. · 0 views

PYSEC-2023-294

An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

Vulnrichment
added 2023/11/03 4:44 a.m. · 19 views

CVE-2023-41350 Chunghwa Telecom NOKIA G-040W-Q - Excessive Authentication Attempts

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more...

CVSS 7.5 · AI score 7.5 · EPSS 0.00063
Exploits: 0 · References: 1

OSV
added 2023/08/14 1:15 p.m. · 22 views

CVE-2023-30188

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file...

CVSS 7.5 · AI score 7
Exploits: 0 · References: 6

NVD
added 2023/08/14 1:15 p.m. · 9 views

CVE-2023-30186

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

CVSS 9.8 · AI score 9.7 · EPSS 0.01166
Exploits: 1 · References: 6

ATTACKERKB
added 2023/08/14 1:15 p.m. · 2 views

CVE-2023-30187

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

CVSS 9.8 · AI score 7.4 · EPSS 0.02334
Exploits: 1 · References: 7

Prion
added 2023/08/14 1:15 p.m. · 16 views

Improper access control

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

CVSS 7.5 · AI score 9.5 · EPSS 0.02334
Exploits: 1 · References: 6 · Affected Software: 1

CNNVD
added 2023/08/14 12:0 a.m. · 2 views

Ascensio System ONLYOFFICE Buffer Error Vulnerability

Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A buffer error vulnerability exists in Ascensio System ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2, which stems from the presence of an out-of-bounds memory access vulnerability. An attacker could exploit th...

CVSS 9.8 · AI score 7.5 · EPSS 0.02334
Exploits: 1 · References: 6