DEBIAN-CVE-2019-13072

Stored XSS in the Filters page Name field in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page...

CVE-2019-13072

Stored XSS in the Filters page Name field in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page...

Cross-Site Scripting

Overview All versions of eco are vulnerable to Cross-Site Scripting XSS. The package's default escape implementation fails to escape single quotes, which may allow attackers to execute arbitrary JavaScript on the victim's browser. Recommendation No fix is currently available. Consider using an...

Cross site scripting

Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...

The vulnerability of the web access module of the DIRECTUM electronic document management system allows a perpetrator to execute arbitrary JavaScript code.

The vulnerability of the web access module of the DIRECTUM electronic document management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

CVE-2019-11649

Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploite...

Cross-Site Scripting

Overview Versions of serve prior to 10.0.2 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation Upgrade to version 10.0.2 o...

Cross-Site Scripting

Overview Versions of diagram-js-direct-editing prior to 1.4.3 are vulnerable to Cross-Site Scripting. The package fails to sanitize input from the clipboard, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.4.3 or later. References -...

Cloud Classroom online school system suffers from override access, xss vulnerability

Cloud Classroom is the online education system of Beijing Yuxin Technology Co. Cloud Classroom online school system suffers from an override access, xss vulnerability, which can be exploited by attackers to modify other user profiles and execute js code on the browser...

CVE-2019-9673

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

CVE-2019-9673

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

Design/Logic Flaw

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

CVE-2019-9673

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

CVE-2019-9673

Freenet 1483 is affected by a MIME-type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI. The root cause is improper MIME-type handling, enabling code execution without user interaction. NVD lists CVSS v2 base score 6.8 (Network, Medium complexity) and CVSS v3 base scor...

NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the special $where...

GHSA-M734-R4G6-34F9 NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the special $where...

The vulnerability in the web interface of the Cisco Firepower Management Center’s management tool allows a perpetrator to execute arbitrary JavaScript code or gain unauthorized access to protected information.

The vulnerability of the Cisco Firepower Management Center’s web interface management interface relates to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code or gain unauthorized access to protect...

The vulnerability of the Enterprise Resource Management System “Galaktika ERP” relates to insufficient protection of the website structure, allowing attackers to execute arbitrary JavaScript code in the browser of the connected client.

The vulnerability of the component that allows sending messages to connected users in the enterprise resource management system Galaktika ERP is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript...

The vulnerability of the web interface of the Cisco Registered Envelope Service allows a perpetrator to execute arbitrary JavaScript code and gain unauthorized access to the protected information.

The vulnerability of the Cisco Registered Envelope Service RES web interface lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and gain unauthorized access to protected informati...

Vulnerability of the software complex: Regional electronic budget. An integration platform related to insufficient protection of web page structures, allowing attackers to execute arbitrary JavaScript code in the user’s browser.

Vulnerability of the software complex: Regional electronic budget. The integration platform is associated with insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...