
5006 matches found

OSV
added 2020/09/14 12:15 p.m., 2 views

CVE-2020-21732

Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename...

CVSS 6.1 | AI score 6.4 | EPSS 0.0045
Exploits 0 | References 3

Prion
added 2020/09/14 12:15 p.m., 13 views

Cross site scripting

Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/adminutente.php?username=amministratore&Update. An attacker can inject JavaScript code, and the web application stores the injected code...

CVSS 4.3 | AI score 6 | EPSS 0.0045
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2020/09/14 12:0 a.m., 47 views

Debian DLA-2371-1 : wordpress security update

Multiple vulnerabilities were discovered in WordPress, a popular content management framework. CVE-2019-17670: WordPress has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. CVE-2020-4047: Authenticated users with uplo...

CVSS 9.8 | AI score 6.4 | EPSS 0.05886
Exploits 0 | References 8

Debian
added 2020/09/11 2:42 p.m., 43 views

[SECURITY] [DLA 2371-1] wordpress security update

Debian LTS Advisory DLA-2371-1 [email protected] https://www.debian.org/lts/security/ September 11, 2020 https://wiki.debian.org/LTS ...

CVSS 9.8 | AI score 7.4 | EPSS 0.05886
Exploits 0

Prion
added 2020/08/29 8:15 p.m., 13 views

Cross site scripting

The Table Filter and Charts for Confluence Server app before 5.3.25 for Atlassian Confluence allows remote attackers to inject arbitrary HTML or JavaScript via cross-site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro...

CVSS 3.5 | AI score 8 | EPSS 0.00294
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2020/08/25 12:0 a.m., 38 views

Atlassian Jira 7.6.x < 8.5.4, 8.6.x < 8.7.1 Stored XSS (JRASERVER-70814)

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.6.x prior to 8.5.4 or 8.6.x prior to 8.7.1. It is, therefore, affected by a stored cross-site scripting (XSS) vulnerability in the REST API component. An authenticated, remote...

CVSS 5.4 | AI score 5.7 | EPSS 0.00231
Exploits 0 | References 5

ThreatPost
added 2020/08/14 8:18 p.m., 136 views

Mac Users Targeted by Spyware Spreading via Xcode Projects

A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. Infections are propagating via...

Exploits 0 | References 5

Veracode
added 2020/08/13 4:16 a.m., 16 views

Cross-Site Scripting (XSS)

francoisjacquet/rosariosis is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the URL encode key in PreparePHPSELF.php, leading to an admin session hijacking or executing arbitrary requests using the admin's...

CVSS 6.1 | AI score 3.7 | EPSS 0.00664
Exploits 1 | References 4 | Affected Software 1

OpenVAS
added 2020/08/12 12:0 a.m., 19 views

SOPlanning <= 1.46.01 XSS Vulnerability

SOPlanning is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.4 | AI score 5.3 | EPSS 0.00206
Exploits 1 | References 1

OpenVAS
added 2020/08/11 12:0 a.m., 14 views

MyBB < 1.8.24 XSS Vulnerability

MyBB is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb";...

CVSS 8.8 | AI score 7.1 | EPSS 0.00593
Exploits 0 | References 2

RedHat Linux
added 2020/08/04 2:2 p.m., 2 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...

CVSS 6.9 | AI score 6.5 | EPSS 0.02456
Exploits 7 | References 5

Veracode
added 2020/08/04 12:48 a.m., 23 views

Cross-Site Scripting (XSS)

restws is vulnerable to cross-site scripting. A remotely authenticated user is able to inject and execute arbitrary JavaScript in another user's browser...

CVSS 8.8 | AI score 2.8 | EPSS 0.0047
Exploits 0 | References 13 | Affected Software 170

OSV
added 2020/08/03 9:15 p.m., 0 views

CVE-2020-11584

A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter...

CVSS 6.1 | AI score 6.5 | EPSS 0.01226
Exploits 0 | References 1

Tenable Nessus
added 2020/07/31 12:0 a.m., 56 views

Atlassian Confluence < 7.4.2 / 7.5.x < 7.5.2 XSS (CONFSERVER-60102)

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.4.2 or 7.5.x prior to 7.5.2. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in user macro parameters. An authenticated, remote attacker can exploit...

CVSS 5.4 | AI score 5.8 | EPSS 0.0028
Exploits 0 | References 2

RedHat Linux
added 2020/07/23 7:3 a.m., 0 views

cxf: reflected XSS in the services listing page

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected cross-site scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that the attack exploit...

CVSS 6.1 | AI score 7.2 | EPSS 0.13981
Exploits 0 | References 4

CNVD
added 2020/07/23 12:0 a.m., 2 views

IBM QRadar SIEM Carbon Black Response Cross-Site Scripting Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. Carbon Black Response i...

AI score 6.2
Exploits 0 | References 1

OSV
added 2020/07/16 3:15 p.m., 1 views

CVE-2019-4747

IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887...

CVSS 5.4 | AI score 5.7 | EPSS 0.00179
Exploits 0 | References 2

Exploit DB
added 2020/07/09 12:0 a.m., 241 views

Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site Scripting

Exploit Title: Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site Scripting Date: 2020-07-07 Vendor Homepage: https://powie.de Vendor Changelog: https://wordpress.org/plugins/powies-whois/developers Software Link: https://wordpress.org/plugins/powies-whois/ Exploit Author:...

AI score 7.4
Exploits 0

Cvelist
added 2020/07/06 12:25 p.m., 11 views

CVE-2020-7690

All affected versions 2.0.0 of package jspdf are vulnerable to cross-site scripting (XSS). It is possible to inject JavaScript code via the html method...

AI score 6.1 | EPSS 0.00234
Exploits 1 | References 2

RedHat Linux
added 2020/07/02 1:21 p.m., 2 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...

CVSS 6.9 | AI score 6.5 | EPSS 0.02456
Exploits 7 | References 5