CVE-2019-1566
The CVE-2019-1566 entry affects Palo Alto Networks PAN-OS: the Management Web Interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. Affects PAN-OS versions 7.1.21 and earlier, 8.0.14 and earlier, and 8.1.5 and earlier. An unauthenticated attacker could inject...
CVE-2019-1565
The PAN-OS External Dynamic Lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML...
CVE-2019-1565
The CVE-2019-1565 issue affects PAN-OS External Dynamic Lists. An authenticated user with write privileges can inject arbitrary JavaScript/HTML, impacting PAN-OS 7.1.x ≤7.1.21, 8.0.x ≤8.0.14, and 8.1.x ≤8.1.5. Remediation: upgrade to 7.1.22, 8.0.15, or 8.1.6 (or later). If not exploiting, no work...
Cross-Site Scripting (XSS)
croogo/croogo is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim’s browser via the title parameter in the Attachment page to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists
A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS External Dynamic Lists. Ref. PAN-106776; CVE-2019-1565. Successful exploitation of this issue may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject...
Cross-site Scripting (XSS)
OpenStack Dashboard (horizon) is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the description field of a Heat template...
IBM SPSS Analytic Server Cross-Site Scripting Vulnerability
IBM SPSS Analytic Server is a suite of engines from IBM in the United States for predictive analytics of big data, which generates predictions and recommendations in big data to achieve optimal performance on a wide range of large amounts of data. A cross-site scripting vulnerability exists i...
WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor,...
IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2019-00558)
IBM Jazz Reporting Service (JRS) is a suite of applications from IBM in the United States for discovering cross-project reports, which can be used in integration with IBM Rational CLM's Rational solution for managing all lifecycles of a development project. CLM users can access reports provided by JRS in dashboards,...
Cross-Site Scripting (XSS)
dolibarr is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the transphrase parameter in notice.php due to the application not performing output encoding before displaying on the user's browser...
Q'center Virtual Appliance Cross-Site Scripting Vulnerability
QNAP Q'center Virtual Appliance is a virtual appliance from QNAP Systems for deploying Q'center QNAP NAS Management Platform in virtual environments such as Microsoft Hyper-V, VMware ESXi and Workstation. A cross-site scripting vulnerability exists in QNAP Q'center Virtual Appliance version...
CVE-2018-0723
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0724...
CVE-2018-5411
Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert JavaScript into...
Cross-Site Scripting (XSS)
dnn.platform is vulnerable to cross-site scripting. The return URL is not sanitized, which allows remote attackers to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
CVE-2018-0716
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application...
IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2018-24367)
IBM Rational Collaborative Lifecycle Management (CLM) and so on are products of IBM Corporation in the U.S.A. IBM Rational Collaborative Lifecycle Management is a set of collaborative lifecycle management solutions. Rational IBM Rational Collaborative Lifecycle Management CLM is a collaborative...
QNAP QTS Cross-Site Scripting Vulnerability (CNVD-2018-24263)
QNAP QTS is a Turbo NAS operating system from QNAP Systems. The system provides file storage, management, backup, multimedia applications and security monitoring. A cross-site scripting vulnerability exists in QNAP QTS version 4.2.6 build 20180711 and earlier, 4.3.3 build 20180725 and earlier, an...
CVE-2018-0719
Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject JavaScript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions ...
CVE-2018-12241
The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks ...
Cross-site Scripting (XSS)
bootstrap-datepicker is vulnerable to a cross-site scripting (XSS) attack. The library does not properly handle the jQuery for the date container, allowing a malicious user to inject arbitrary JavaScript...