CVE-2019-19632
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated...
Apache CXF Cross-Site Scripting Vulnerability (CNVD-2020-04127)
Apache CXF is an open source Web services framework from the Apache Software Foundation (United States). The framework supports a variety of Web services standards and a variety of front-end programming APIs. Apache CXF has a cross-site scripting vulnerability. An attacker can exploit this vulnerabili...
DEBIAN-CVE-2019-16780
WordPress users with lower privileges like contributors can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This...
CVE-2019-16781
CVE-2019-16781 affects WordPress versions before 5.3.1. Authenticated users with low privileges (e.g., contributors) can inject JavaScript in the block editor, which runs in the admin dashboard and can lead to XSS when an admin opens the affected post in the editor. Remediation: ...
CVE-2019-16780
WordPress users with lower privileges like contributors can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This...
CVE-2019-19908
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmcusername parameter to passreset.php is vulnerable...
MTN Group: Cross-Site Scripting through search form on mtnplay.co.zm
Summary: There is an XSS vulnerability that can be triggered through a search form on mtnplay.co.zm. Steps To Reproduce: 1. Navigate to http://www.mtnplay.co.zm/smart/jqm.aspx 2. Click on the search button or go to this link: http://www.mtnplay.co.zm/smart/jqm.aspx?event=search&mnu=search&ctrlid=92...
CVE-2019-18267
An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site...
Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096
This module enables you to create forms to collect information from users and report, analyze and distribute it by email. The 7.x-3.x module doesn't sufficiently sanitize token values taken from query strings. If a query string token is used as the value of a markup component, an attacker can...
IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability
IBM WebSphere Application Server Liberty is a Java application server from IBM (U.S.) built on the Open Liberty project. A cross-site scripting vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 19.0.0.11. A remote attacker can exploit this...
Cross site scripting
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
IBM Planning Analytics Cross-Site Scripting Vulnerability (CNVD-2019-44562)
IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A cross-site scripting vulnerability exists in IBM Planning Analytics version 2.0. An attacker can...
Cross-Site Scripting (XSS)
gitbook is vulnerable to cross-site scripting (XSS). An attacker is able to inject arbitrary JavaScript into a victim's browser using a local .md file which is rendered when displayed in the browser...
Cross-Site Scripting (XSS)
devalue is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a victim's browser using a malicious regular expression containing JavaScript...
Cross-Site Scripting (XSS)
jetty-server is vulnerable to cross-site scripting. The server response containing the default error message from stacktraces is not sanitized and escaped before being displayed, which would allow a remote attacker to inject arbitrary Javascript into a victim's browser...
IBM Cloud Pak System Platform System Manager Cross-Site Scripting Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. The product supports deploying, managing and moving application environments across hybrid clouds. A cross-site scripting vulnerability exists in Platform System Manager in IBM...
Cross-Site Scripting (XSS)
vuetify is vulnerable to cross-site scripting (XSS) attacks. User inputs are directly rendered and executed as HTML without sanitization in 'VInput.ts', allowing an attacker to inject arbitrary JavaScript...
FreeBSD : wordpress -- multiple issues (459df1ba-051c-11ea-9673-4c72b94353b5)
WordPress developers report: Props to Evan Ricafort for finding an issue where stored XSS cross-site scripting could be added via the Customizer. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. Props to Weston Ruter for finding a way to create a stored XSS...