5003 matches found

Cvelist
added 2019/04/25 7:57 p.m. · 20 views

CVE-2018-16220

Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name...

6.2 AI score · 0.00226 EPSS
Exploits 0 · References 1

CVE
added 2019/04/25 7:57 p.m. · 55 views

CVE-2018-16220

CVE-2018-16220 affects AudioCodes 405HD VoIP phone with firmware 2.2.12. Affected component: the device’s web interface. Root cause: Cross Site Scripting in input fields (domain field and personal settings) that lets an attacker inject JavaScript by manipulating phone book entries or the domain n...

6.1 CVSS · 6.1 AI score · 0.00226 EPSS
Exploits 0 · References 1 · Affected Software 1

Prion
added 2019/04/22 4:29 p.m. · 15 views

Cross site scripting

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

4.3 CVSS · 6.4 AI score · 0.01111 EPSS
Exploits 1 · References 8 · Affected Software 4

Veracode
added 2019/04/22 2:33 a.m. · 12 views

Cross-Site Scripting (XSS)

com.liferay.currency.converter.web is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the symbol to steal session tokens or perform unwanted actions on behalf of the user...

5.8 AI score
Exploits 0

Hacker One
added 2019/04/18 9:25 p.m. · 35 views

Shopify: Cross Site Scripting at https://app.oberlo.com/

1- create an account from https://app.oberlo.com/ 2- path to https://app.oberlo.com/settings/account/profile 3- inject JavaScript code or XSS payload at Name form 4- it will be printed at page and executed payload that I used it " Impact This vulnerability can be used by attacker to serve malicio...

0.6 AI score
Exploits 0

OSV
added 2019/04/11 8:29 p.m. · 1 view

CVE-2018-19202

A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsettingbburl' parameter...

6.1 CVSS · 5.8 AI score · 0.00257 EPSS
Exploits 0 · References 2

Cvelist
added 2019/04/11 8:00 p.m. · 14 views

CVE-2018-19202

A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsettingbburl' parameter...

6 AI score · 0.00257 EPSS
Exploits 0 · References 2

Palo Alto Networks
added 2019/04/11 4:45 p.m. · 8 views

Cross-Site Scripting in Expedition Migration Tool

A cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-1009 / CVE-2019-1574. Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the Devices View. This issue affects Expedition 1.1....

5.4 CVSS · 5.5 AI score · 0.00267 EPSS
Exploits 0 · References 1

Cvelist
added 2019/04/09 7:15 p.m. · 12 views

CVE-2019-1567

The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings...

5.4 AI score · 0.00296 EPSS
Exploits 0 · References 1

Prion
added 2019/04/01 9:29 p.m. · 16 views

Cross site scripting

A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/NewGUI/Acl.asp" is request...

3.5 CVSS · 5 AI score · 0.0009 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2019/04/01 8:48 p.m. · 47 views

CVE-2018-17989

CVE-2018-17989 affects D-Link DSL-3782 devices (firmware 1.01). A stored XSS vulnerability exists in the device’s web interface, allowing an authenticated attacker to inject a JavaScript/HTML payload into the ACL page. The payload executes when the browser requests "/cgi-bin/New_GUI/Acl.asp". Acc...

5.4 CVSS · 5 AI score · 0.0009 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2019/03/29 7:29 p.m. · 11 views

Cross site scripting

A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter...

4.3 CVSS · 6 AI score · 0.00272 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2019/03/29 7:29 p.m. · 9 views

CVE-2018-19201

A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter...

6.1 CVSS · 6 AI score · 0.00272 EPSS
Exploits 0 · References 2

CVE
added 2019/03/29 6:58 p.m. · 48 views

CVE-2018-19201

CVE-2018-19201: A reflected XSS in MyBB’s ModCP Profile Editor affects versions before 1.8.20. An attacker can inject JavaScript via the username parameter (remote, network-based). Impact is client-side script execution as described; mitigation is to upgrade to MyBB 1.8.20 (security maintenance r...

6.1 CVSS · 5.9 AI score · 0.00272 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2019/03/29 6:58 p.m. · 13 views

CVE-2018-19201

A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter...

6 AI score · 0.00272 EPSS
Exploits 0 · References 2

Veracode
added 2019/03/25 8:40 a.m. · 27 views

Cross-Site Scripting (XSS)

Apache ActiveMQ is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the refresh parameter to PortfolioPublishServlet.java, and through debug logs or subscribe messages in webapp/websocket/chat.js...

4.3 CVSS · 8.6 AI score · 0.02575 EPSS
Exploits 1 · References 6 · Affected Software 1

Veracode
added 2019/03/25 8:40 a.m. · 19 views

Cross-Site Scripting (XSS)

Apache Struts is vulnerable to cross-site scripting (XSS). Improper validation of user-supplied input allows a remote attacker to inject JavaScript into a victim's browser through pages xipclient.html and xipserver.html...

4.3 CVSS · 5.7 AI score · 0.01747 EPSS
Exploits 0 · References 6 · Affected Software 1

Veracode
added 2019/03/25 5:30 a.m. · 16 views

Cross-Site Scripting (XSS)

league/commonmark is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via unsafe links using double-encoded HTML entities to steal session tokens or perform unwanted actions on behalf of the user...

6.1 CVSS · 2 AI score · 0.00326 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2019/03/25 12:00 a.m. · 2 views

PT-2019-2580 · Jenkins · Jenkins Lockable Resources Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Lockable Resources Plugin versions 2.4 and earlier. Description: The issue allows attackers to inject arbitrary JavaScript code in web pages rendered by the plugin due to a cross-site scripting vulnerability. This can be exploited by...

6.4 CVSS · 5.5 AI score · 0.00088 EPSS
Exploits 0 · References 11

Cvelist
added 2019/03/14 11:00 p.m. · 14 views

CVE-2018-1914

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4 CVSS · 5.2 AI score · 0.00237 EPSS
Exploits 0 · References 3