PT-2019-11143 · Apache · Apache Uima Ducc
Name of the Vulnerable Software and Affected Versions: Apache UIMA DUCC versions 2.2.2 and earlier Description: The issue arises from insufficient filtering of user-supplied inputs in the javascript code of Apache UIMA DUCC, potentially leading to the unintended execution of user-supplied...
ZEIT: Reflected DOM-Based XSS Due to Lack of Filtering on Parameter ?next
Summary: Hello, I found that the parameter next lacks filtering, allowing the attacker to exploit this vulnerability to redirect users to a malicious site + The attacker can exploit this bug to redirect the user to a malicious site + The attacker can execute JavaScript code in the user's browser becaus...
Arbitrary JavaScript Execution
Overview Versions of typed-function prior to 0.10.6 are vulnerable to Arbitrary JavaScript Execution. Function names are not properly sanitized and may allow an attacker to execute arbitrary code. Recommendation Upgrade to version 0.10.6 or later. References - GitHub Commit - Snyk Report - GitHub...
GHSA-8P7V-2JVJ-V54R Apache Airflow vulnerable to Stored XSS
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views...
The vulnerability of Google Chrome browser, related to improper input data validation, allows a malicious actor to execute arbitrary JavaScript code.
The vulnerability of Google Chrome is related to errors in event handling by Apple. Exploiting this vulnerability can allow an attacker to execute JavaScript code...
GHSA-GM29-35C7-8CFW Cross-Site Scripting in buttle
All versions of buttle are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available. Consider using a...
CVE-2019-10905
Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...
The vulnerability of the Expedition Migration tool, which exists due to the lack of measures taken to protect the website structure, allows a hacker to execute arbitrary JavaScript or HTML code.
The vulnerability of the Network Configuration Transfer tool exists because no measures have been taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript or HTML code remotely...
CVE-2019-5514
VMware Fusion 11.x before 11.0.3 contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user into executing JavaScript that performs unauthorized functions on the guest machine where VMware...
CB TAU Threat Intelligence Notification – Recent Emotet Campaign Leverages Phishing, PDFs & Droppers Impersonating Legitimate Applications
This past week, CB ThreatSight analysts were investigating suspicious events in an environment. This customer had installed the CB Defense sensor on a subset of systems in monitor only mode for evaluation. While investigating suspicious events, a CB ThreatSight analyst uncovered a new Emotet...
Apache JSPWiki Cross-Site Scripting Vulnerability
Apache JSPWiki is an open-source WikiWiki engine from the U.S. Apache Software Foundation, built in Java using Servlets and JSP. A security vulnerability exists in Apache JSPWiki versions 2.9.0 through 2.11.0.M2. The vulnerability can be exploited by an attacker to execute JavaScript code...
CVE-2019-10646
Wolf CMS v0.8.3.1 is affected by cross-site scripting (XSS) in the module Add Snippet /?/admin/snippet/add. This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded...
CVE-2019-9919
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS...
PT-2019-19935 · Joomla · Harmis Je Messenger
Name of the Vulnerable Software and Affected Versions: Harmis JE Messenger component version 1.2.2 Description: An issue was discovered in the Harmis JE Messenger component for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when...
CVE-2019-0224
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute JavaScript on another user's session. No information could be saved on the server or JSPWiki database, nor would an attacker be able to execute JS on someone else's browser; only on their own browser...
CVE-2019-0224
CVE-2019-0224 affects Apache JSPWiki versions 2.9.0 to 2.11.0.M2. The vulnerability allows a crafted URL to execute JavaScript in the user’s own browser session. The provided sources describe the impact as client-side (no server/database writes and no cross-user script execution stated). The exac...
CVE-2019-1571
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings...
WordPress Donation Plugin and Fundraising Platform Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports personal blog sites on servers running PHP and MySQL. WordPress Donation Plugin and Fundraising Platform is a plugin.... A cross-site scripting vulnerability exists in the WordPress Donation Plug...
WordPress font-organizer plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports personal blog sites on servers running PHP and MySQL. WordPress Donation Plugin and Fundraising Platform is a plugin.... A cross-site scripting vulnerability exists in the WordPress font-organize...
PHP League CommonMark library cross-site scripting vulnerability
PHP League CommonMark library is a PHP-based Markdown parser from the Extraordinary Packages consortium. A cross-site scripting vulnerability exists in PHP League CommonMark library versions prior to 0.18.3, which stems from the program failing to properly escape double-encoded HTML entities. A...