5964 matches found
CVE-2018-12638
The CVE-2018-12638 entry concerns Bose Soundtouch for iOS version 18.1.4 where there is no frontend input validation of the device name. The underlying cause is reflected in multiple sources as a Cross‑Site Scripting risk: a malicious device name can cause JavaScript to execute in the registered ...
CVE-2019-9751
An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...
CVE-2019-9752
An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...
CVE-2019-9751
An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...
CVE-2019-9752
An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...
Design/Logic Flaw
An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...
DEBIAN-CVE-2019-9751
An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...
DEBIAN-CVE-2019-9752
An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...
CVE-2019-9752
An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...
CVE-2019-9751
An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...
CVE-2019-9751
The CVE-2019-9751 vulnerability affects Open Ticket Request System (OTRS). Affects OTRS 6.x prior to version 6.0.17 and 7.x prior to 7.0.5. The issue arises from Kernel/Output/Template/Document.pm, where an admin-user can manipulate the URL to cause JavaScript execution in the OTRS context. Impac...
CVE-2019-9752
An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...
The vulnerability of the web interface of the microprogramming software for Pelco cameras, models Sarix Enhanced and Spectra Enhanced, allows a intruder to execute any JavaScript code in the user’s browser.
The vulnerability of the web interfaces of Pelco Sarix Enhanced and Spectra Enhanced microprogramming systems lies in the insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser...
CICMS V2.1 18013 has xss vulnerability
CICMS system is developed by php+mysql, based on CodeIgniter, and is mainly used for enterprise building. CICMS V2.1 18013 has an xss vulnerability, which can be exploited by attackers to execute arbitrary JavaScript code...
PYSEC-2019-142
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
The vulnerability of Cisco WebEx Meeting software lies in the lack of security measures for the website structure, allowing attackers to execute arbitrary JavaScript scripts within the context of Cisco WebEx Meetings.
The vulnerability of Cisco WebEx Meetings software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a perpetrator to execute arbitrary JavaScript scripts within the context of Cisco WebEx Meetings...
CVE-2019-5780
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...
DEBIAN-CVE-2019-5780
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...
UBUNTU-CVE-2019-5780
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...
chromium-browser: Insufficient policy enforcement
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...