CVE-2019-1565

The CVE-2019-1565 issue affects PAN-OS External Dynamic Lists. An authenticated user with write privileges can inject arbitrary JavaScript/HTML, impacting PAN-OS 7.1.x ≤7.1.21, 8.0.x ≤8.0.14, and 8.1.x ≤8.1.5. Remediation: upgrade to 7.1.22, 8.0.15, or 8.1.6 (or later). If not exploiting, no work...

Cross-Site Scripting (XSS)

croogo/croogo is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the title parameter in the Attachment page to steal session tokens or perform unwanted actions on behalf of the user...

Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists

A Cross-Site Scripting XSS vulnerability exists in the PAN-OS External Dynamic Lists. Ref. PAN-106776; CVE-2019-1565 Successful exploitation of this issue may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject...

The vulnerability of microprogrammed logic controllers from Schneider Electric Modicon, related to insufficient protection of the web page structure, allows attackers to inject JavaScript that will be executed in the user’s browser.

The vulnerability of the microprogrammed logic controllers from Schneider Electric Modicon relates to insufficient protection of the web page structure. Exploiting this vulnerability allows an intruder to inject JavaScript, which will be executed in the user’s browser...

Cross-site Scripting (XSS)

OpenStack Dashboard horizon is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the description field of a Heat template...

IBM SPSS Analytic Server Cross-Site Scripting Vulnerability

IBM SPSS Analytic Server is a suite of IBM engines for predictive analytics of big data from IBM in the United States, which generates predictions and recommendations in big data to achieve optimal performance on a wide range of large amounts of data. A cross-site scripting vulnerability exists i...

WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack

The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor,...

IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2019-00558)

IBM Jazz Reporting Service JRS is a suite of IBM USA applications for discovering cross-project reports that can be used in integration with IBM Rational CLM's Rational solution for managing all lifecycles of a development project. CLM users can access reports provided by JRS in dashboards,...

Cross-Site Scripting (XSS)

dolibarr is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the transphrase parameter in notice.php due to the application not performing output encoding before displaying on the user's browser...

Q'center Virtual Appliance Cross-Site Scripting Vulnerability

QNAP Q'center Virtual Appliance is a virtual appliance from QNAP Systems for deploying Q'center QNAP NAS Management Platform in virtual environments such as Microsoft Hyper-V, VMware ESXi and Workstation. A cross-site scripting vulnerability exists in QNAP Q'center Virtual Appliance version...

CVE-2018-0723

Cross-site scripting XSS vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724...

The vulnerability of the IBM WebSphere Portal software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to disclose user credentials during a secure session.

The vulnerability of the IBM WebSphere Portal software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials during a secure session, thereby allowing the insertion of arbitra...

The vulnerability of the IBM WebSphere Portal software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to disclose user credentials during a secure session.

The vulnerability of the IBM WebSphere Portal software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials during a secure session, thereby allowing the insertion of arbitra...

The vulnerability of the IBM WebSphere Portal software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to disclose user credentials during a secure session.

The vulnerability of the IBM WebSphere Portal software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials during a secure session, thereby allowing the insertion of arbitra...

CVE-2018-5411

Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert Javascript into...

Cross-Site Scripting (XSS)

dnn.platform is vulnerable to cross-site scripting. The return URL is not sanitized which allows for remote attackers to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

CVE-2018-0716

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application...

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2018-24367)

IBM Rational Collaborative Lifecycle Management CLM and so on are the products of IBM Corporation in the U.S.A. IBM Rational Collaborative Lifecycle Management is a set of collaborative lifecycle management solutions.Rational IBM Rational Collaborative Lifecycle Management CLM is a collaborative...

QNAP QTS Cross-Site Scripting Vulnerability (CNVD-2018-24263)

QNAP QTS is a Turbo NAS operating system from QNAP Systems. The system provides file storage, management, backup, multimedia applications and security monitoring. A cross-site scripting vulnerability exists in QNAP QTS version 4.2.6 build 20180711 and earlier, 4.3.3 build 20180725 and earlier, an...

CVE-2018-0719

Cross-site Scripting XSS vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions ...