5965 matches found
chromium-browser: Insufficient policy enforcement
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...
Cross site scripting
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
CVE-2019-7341
Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorLinkedMonitors' parameter value in the view monitor monitor.php because proper filtration is omitted...
CVE-2019-7343
Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorMethod' parameter value in the view monitor monitor.php because proper filtration is omitted...
Cross site scripting
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...
MailEnable cross-site scripting vulnerability (CNVD-2019-27601)
MailEnable is a suite of POP3 and SMTP mail servers from MailEnable Australia. A cross-site scripting vulnerability exists in MailEnable versions prior to 8.60. An attacker can exploit this vulnerability to execute JavaScript code by sending an email...
Pornhub: XSS reflected on [https://www.youporn.com]
The researcher managed to obtain arbitrary javascript execution through reflected XSS on the Youtube World's RSS feed...
Remote code execution
Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable to remote command execution (RCE). Using the Nashorn script engine, the environment of the JavaScript execution for the Proxy Auto-Configuration leaks privileged objects that can be used to circumvent...
XSS vulnerability with unsafe link protocols
An XSS vulnerability CVE-2018-20583 has been identified in the following versions of this library: 0.15.6 0.15.7 0.16.0 0.17.0 0.17.1 0.17.2 0.17.3 0.17.4 0.17.5 0.18.0 It allows unsafe URLs to be added to links. The issue has been fixed in version 0.18.1. All users should upgrade to version 0.18...
MetInfo Cross-Site Scripting Vulnerability (CNVD-2019-03299)
MetInfo is a content management system (CMS) developed using PHP and MySQL by China Mito Information Technology Ltd. A cross-site scripting vulnerability exists in MetInfo versions 6.x to 6.1.3, which can be exploited by remote attackers to execute JavaScript code by sending the 'urlarray' paramete...
LimeSurvey cross-site scripting vulnerability (CNVD-2018-26471)
LimeSurvey (formerly known as PHPSurveyor) is an open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution and data collection. A cross-site scripting vulnerability exists in LimeSurvey. A remote attacker can...
Veeam Explorer for Microsoft Exchange Javascript Execution Vulnerability
Challenge: The vulnerability allows execution of arbitrary code in emails containing inline JavaScript. NOTE: This has been corrected in Veeam Backup for Microsoft Office 365 version 3 and Veeam Backup & Replication version U4a. Cause: The affected component is Veeam Explorer for Microsoft Exchange...
CVE-2018-20322
LimeSurvey version 3.15.5 contains a Cross-site scripting XSS vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6...
CVE-2018-20322
LimeSurvey 3.15.5 contains a cross-site scripting (XSS) vulnerability in the Survey Resource ZIP upload, allowing potentially executable JavaScript against LimeSurvey administrators. The issue is caused by insufficient input sanitization during ZIP upload of survey resources. The vulnerability is...
Foxit PhantomPDF < 7.3.13 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 7.3.13. It is, therefore, affected by multiple vulnerabilities: - Unauthorized JavaScript execution when disabled. - Arbitrary Write supporting remote code...
GHSA-J5RJ-G695-342R Fat Free CRM vulnerable to Cross-site Scripting
FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, and ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appears to be exploitable via Content with Javascript payload will be executed...
Fat Free CRM vulnerable to Cross-site Scripting
FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, and ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appears to be exploitable via Content with Javascript payload will be executed...
CVE-2018-1000868
WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in userlogin.php, register.php that can result in JavaScript execution in the user's browser, injection of malicious markup into the page. This attack appears to be exploitable via The victim user must clic...
Cross site scripting
WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in userlogin.php, register.php that can result in JavaScript execution in the user's browser, injection of malicious markup into the page. This attack appears to be exploitable via The victim user must clic...