Cross site scripting

Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting XSS vulnerability in Page name that can result in execution of javascript code...

Cross site scripting

Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting XSS vulnerability in Client's details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5 and later...

CVE-2017-1000507

Canvs Canvas version 3.4.2 contains a Cross Site Scripting XSS vulnerability in User's details that can result in denial of service and execution of javascript code...

Cross site scripting

Mautic version 2.11.0 and earlier contains a Cross Site Scripting XSS vulnerability in Company's name that can result in denial of service and execution of javascript code...

CVE-2017-1000509

Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code...

CVE-2017-1000506

CVE-2017-1000506 affects Mautic

CVE-2017-1000507

Canvs Canvas version 3.4.2 contains a Cross Site Scripting XSS vulnerability in User's details that can result in denial of service and execution of javascript code...

CVE-2017-1000510

Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting XSS vulnerability in Page name that can result in execution of javascript code...

CVE-2017-1000508

Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting XSS vulnerability in Client's details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5 and later...

Sonatype Nexus Repository Manager OSS/Pro 2.14.5 / 3.7.1 XSS

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Cross-Site Scripting Vulnerabilities product: Sonatype Nexus Repository Manager OSS/Pro vulnerable version: =2.14.5, =3.7.1 fixed version: 2.14.6, 3.8.0 CVE...

CVE-2018-6824

Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"[email protected]"' request, which can be followed by a password reset...

Cross site request forgery (csrf)

Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"email protected"' request, which can be followed by a password reset...

Design/Logic Flaw

Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls...

Crlf injection

Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie...

CVE-2018-6806

Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls...

CVE-2018-6603

Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie...

WebKit - WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free Exploit

Exploit for multiple platform in category dos / poc function jsfuzzer var b = document.createElement"body"; a.appendb; ta.autofocus = true; var iframe = document.createElement"iframe"; b.appendChildiframe; li.appendChilddd; iframe.contentDocument.caretRangeFromPoint; function eventhandler...

Joomla 'Chromes' module XSS Vulnerability

Joomla is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...

CVE-2018-1361

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158...

CVE-2017-1623

IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121...