5060 matches found
The vulnerability of the DHCP Monitor web interface of the FortiOS operating system allows a hacker to inject arbitrary JavaScript or HTML code.
The vulnerability of the DHCP Monitor web interface of the FortiOS operating system arises due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code remotely...
The vulnerability in the FortiOS operating system’s web interface allows a hacker to inject any desired JavaScript or HTML code.
The vulnerability in the FortiOS operating system’s web interface arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code using the WTP Name or WTP Active Software Version request fields for...
The vulnerability in the FortiOS operating system’s web interface allows a hacker to inject any desired JavaScript or HTML code.
The vulnerability in the FortiOS operating system’s web interface arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code through user groups or template menus...
The vulnerability in the FortiOS operating system’s web portal allows a hacker to inject any desired JavaScript or HTML code.
The vulnerability of the FortiOS operating system’s web portal stems from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code using a specially crafted value for the “redir” parameter...
The vulnerability of the “Replacement Messages” component of the FortiOS operating system’s web interface, allowing a hacker to inject arbitrary JavaScript or HTML code
The vulnerability of the Replacement Messages component in the FortiOS operating system’s web interface arises due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code remotely...
The vulnerability of the FortiOS operating system arises from insufficient protection of the web page structure, allowing attackers to inject arbitrary JavaScript or HTML code.
The vulnerability of the FortiOS operating system arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code using a specially crafted HTTP request header named “Host”...
The vulnerability in the FortiOS operating system’s web interface allows a hacker to inject any desired JavaScript or HTML code.
The vulnerability in the FortiOS operating system’s web interface stems from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code during the activation of FortiToken using the “action” parameter...
The vulnerability of the FortiOS operating system arises from insufficient protection of the web page structure, allowing attackers to inject arbitrary JavaScript or HTML code.
The vulnerability of the FortiOS operating system is due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code using a specially crafted URI...
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User...
The vulnerability of the FortiOS operating system’s web interface component, FortiView, allows a hacker to inject any JavaScript or HTML code they desire.
The vulnerability of the FortiOS operating system’s web interface component is due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code using the “Application” filter in FortiOS...
Code injection
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
PT-2018-2643
Name of the Vulnerable Software and Affected Versions: Loofah gem for Ruby versions through 2.2.2. Description: The issue is related to insufficient sanitization of SVG elements in JavaScript, which can lead to the occurrence of unsanitized JavaScript in sanitized output when a crafted SVG element i...
The vulnerability in the GlobalProtect web interface of the PAN-OS operating system allows a hacker to inject arbitrary JavaScript or HTML code.
The vulnerability in the GlobalProtect web interface of the PAN-OS operating system is due to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code...
Infogram: Stored XSS in infogram.com via language
The stored XSS was found in the language profile parameter. POC: Change profile settings with the following request: PUT /api/users/me HTTP/1.1 Host: infogram.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: */* Accept-Language: en-US,en;q=0.5...
IBM WebSphere Commerce Cross-Site Scripting Vulnerability (CNVD-2018-22091)
IBM WebSphere Commerce is a suite of e-commerce solutions from IBM in the United States. The solution supports all sales business models, including B2C, B2B and B2B2C, on a single customer interaction platform. A cross-site scripting vulnerability exists in IBM WebSphere Commerce. A remote attack...
Stored Cross-site Scripting Vulnerability in S-CMS E-commerce System
S-CMS e-commerce system is an e-commerce software. A stored cross-site scripting vulnerability exists in the S-CMS e-commerce system. An attacker can insert malicious js code into a page to obtain user cookies and other information, leading to user hijacking...
AjentiCP 1.2.23.13 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Title: AjentiCP 1.2.23.13 - Cross-Site Scripting Author: Numan OZDEMIR https://infinitumit.com.tr Vendor Homepage: ajenti.org Software Link: https://github.com/ajenti/ajenti Version: Up to v1.2.23.13 CVE: CVE-2018-18548 Description: Attacker c...
AjentiCP 1.2.23.13 - Cross-Site Scripting
Title: AjentiCP 1.2.23.13 - Cross-Site Scripting Author: Numan OZDEMIR https://infinitumit.com.tr Vendor Homepage: ajenti.org Software Link: https://github.com/ajenti/ajenti Version: Up to v1.2.23.13 CVE: CVE-2018-18548 Description: Attacker can inject JavaScript codes without Ajenti privileges b...
AjentiCP 1.2.23.13 Cross Site Scripting
Title: AjentiCP Dir Name Based Stored XSS dir 2- Open this directory in File Manager tool in Ajenti server admin panel. // for secure days...
CVE-2018-10141
GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML...