55 matches found
CVE-2020-10146
CVE-2020-10146 concerns a stored cross-site scripting vulnerability in the Microsoft Teams online service, affecting the displayName parameter. The issue could be exploited on Teams clients to obtain sensitive information such as authentication tokens and potentially execute arbitrary commands. M...
CVE-2020-11702
An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...
Cross site scripting
An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...
CVE-2018-19892
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field...
CVE-2018-19892
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field...
DomainMOD cross-site scripting vulnerability (CNVD-2019-07969)
DomainMOD is an open source application for managing your domain names and other Internet assets in a central location. A cross-site scripting vulnerability exists in DomainMOD versions 4.11.01 and earlier, which can be exploited by an attacker via the admin/dw/add-server.php DisplayName, HostNam...
Nextcloud: HTML injection with AutoComplete suggestions
As user1 set your displayname to Name 2. As user2 autocomplete the name in the comments input or Talk chat input 3. Click on the user name you just autocompleted User2 is redirected to https://nextcloud.com Only works with HTML, not with script Impact User1 can trick user2 to render any html...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 file names to apps/userldap/settings.php; 2 url or 3 title parameter to apps/bookmarks/ajax/editBookmark.php; 4 tag or 5 page parameter to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 calendar displayname to part.choosecalendar.rowfields.php or 2 part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or 3 unspecified...
CVE-2012-4397
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 calendar displayname to part.choosecalendar.rowfields.php or 2 part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or 3 unspecified...
Multiple stored XSS - ownCloud
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the calendar displayname to part.choosecalendar.rowfields.php part.choosecalendar.rowfields.shared.php in apps/calendar/templates/ unspecified vectors to...
Subtitle Translation Wizard '.srt' File Stack Based Buffer Overflow Vulnerability
This host is installed with Subtitle Translation Wizard and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbsubtitletranslationwizardbofvuln.nasl 5374 2017-02-20 16:36:11Z cfi $ Subtitle Translation Wizard '.srt' File Stack Based Buffer Overflow Vulnerability Authors:...
Orca Browser Version Detection
This script detects the installed version of Orca Browser and sets the result in KB. OpenVAS Vulnerability Test $Id: gborcabrowserdetect.nasl 7332 2017-09-29 14:16:56Z cfischer $ Orca Browser Version Detection Authors: Sharath S Copyright: Copyright c 2009 Greenbone Networks GmbH,...
CVE-2008-1775
Cross-site scripting XSS vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...
CVE-2008-1775
Cross-site scripting XSS vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...