5966 matches found
DEBIAN-CVE-2019-10067
An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...
Microsoft Internet Explorer 11 - Sandbox Escape
Microsoft Internet Explorer 11 - Sandbox Escape Inject into IE11. Will work on other sandboxes that allow the opening of windows filepickers through a broker. You will gain medium IL javascript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...
Microsoft Internet Explorer 11 - Sandbox Escape
Inject into IE11. Will work on other sandboxes that allow the opening of windows filepickers through a broker. You will gain medium IL javascript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...
CVE-2019-10066
Open Ticket Request System (OTRS) 7.x up to 7.0.6, Community Edition 6.0.x up to 6.0.17, and OTRSAppointmentCalendar 5.0.x up to 5.0.12 are affected by CVE-2019-10066. The issue allows an attacker who is logged in as an OTRS agent with appropriate permissions to craft a calendar appointment that ...
PT-2019-11414 · Otrs +2 · Otrs +2
Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 7.x through 7.0.6 Open Ticket Request System OTRS Community Edition versions 5.0.x through 5.0.35 Open Ticket Request System OTRS Community Edition versions 6.0.x through 6.0.17 Description: An issue w...
Microsoft SharePoint Server CVE-2019-0963 Cross Site Scripting Vulnerability
Description Microsoft SharePoint Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
CVE-2018-12303
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...
CVE-2018-12297
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names...
Cross site scripting
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter...
Cross site scripting
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...
Cross site scripting
Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL...
CVE-2018-12303
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...
CVE-2018-12299
CVE-2018-12299 relates to a cross-site scripting (XSS) vulnerability in Seagate NAS OS 4.3.15.1 filebrowser. The issue arises because uploaded file names can trigger JavaScript execution in the browser, enabling an attacker to perform actions in a victim’s session. The available connected documen...
CVE-2018-12297
CVE-2018-12297 affects Seagate NAS OS 4.3.15.1 with XSS in API error pages via URL path names. Root cause cited as insufficient validation of client data by the WEB application; impact is client-side script execution. Exploitation details/works are not provided in the documents; no remediation/ve...
CVE-2019-11818
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...
Cross-Site Scripting
Overview All version of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript. Recommendation Sanitize user input being passed to bootbox or consider using an...
Cross site scripting
An exploitable cross-site scripting vulnerability exists in the ACEManager pingresult.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the...
CVE-2018-4065
An exploitable cross-site scripting vulnerability exists in the ACEManager pingresult.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the...
UBUNTU-CVE-2018-8035
This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC = 2.2.2 which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code...
PT-2019-11143 · Apache · Apache Uima Ducc
Name of the Vulnerable Software and Affected Versions: Apache UIMA DUCC versions 2.2.2 and earlier Description: The issue arises from insufficient filtering of user-supplied inputs in the javascript code of Apache UIMA DUCC, potentially leading to the unintended execution of user-supplied...