4380 matches found
CVE-2019-3826
A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...
CVE-2019-3826
A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...
CVE-2019-3826
Technical details about CVE-2019-3826 are not further provided in the connected documents. The available information originates from the Initial Description (Prometheus 2.7.1 and earlier XSS) with no additional public details in the linked sources. Monitor for updates.
CVE-2019-3826
A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...
Apache CouchDB 2.3.1 - Cross-Site Request Forgery Cross-Site Scripting
Apache CouchDB 2.3.1 - Cross-Site Request Forgery Cross-Site Scripting Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download...
Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities
Exploit for multiple platform in category web applications Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3....
Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting
Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.1 Introduction A CouchDB server hosts named databases, whic...
Apache CouchDB 2.3.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.1 Introduction A CouchDB server hosts named databases, whic...
CVE-2018-20736
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...
CVE-2018-20736
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...
Design/Logic Flaw
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...
CVE-2018-20736
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product...
CVE-2018-20736
CVE-2018-20736 affects WSO2 API Manager 2.1.0 and 2.6.0. The issue is a DOM-based XSS in the store component. Connected sources do not provide exploitation details. The NVD entry lists CVSSv3 base score 5.4 (Medium) and network attack with user interaction required. Patches/mitigations are refere...
Cross-site Scripting (XSS)
editor.md is vulnerable to cross-site scripting XSS. The vulnerability exists because it allows embedding of external svg file such as EMBED SRC="data:image/svg+xml, allowing an attacker to launch dom-based cross-site scripting...
Default credentials
DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...
Default credentials
jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...
Design/Logic Flaw
Editor.md 1.5.0 has DOM-based XSS via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...
CVE-2019-9738
jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...
CVE-2019-9736
DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...
CVE-2019-9738
jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...