5964 matches found
CVE-2018-1000842
FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on e...
CVE-2018-1000842
FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on e...
Cross site scripting
FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on e...
Improper access control
Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript in contentsettingsobserver.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track user...
CVE-2018-1000813
Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting XSS vulnerability in Sanitization of custom class names used on blocks and layouts. that can result in Execution of JavaScript from an unexpected source.. This attack appear to be exploitable via A user must be directed to an...
Pixars Tractor Cross-Site Scripting Vulnerability
Pixars Tractor is a web rendering solution. The product includes features such as resource sharing controls, Python module extensions, and more. A cross-site scripting vulnerability exists in Pixars Tractor 2.2 and prior versions, which can be exploited by remote attackers to inject and execute...
CVE-2018-18342
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Design/Logic Flaw
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
CVE-2018-18347
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page...
chromium-browser: Out of bounds write in V8
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
chromium-browser: Inappropriate implementation in Navigation
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page...
Google Chrome Navigation Input Validation Vulnerability
Google Chrome is a web browser developed by Google, Inc.Navigation is one of the browser navigation modules. An input validation vulnerability exists in Navigation in versions of Google Chrome prior to 71.0.3578.80, which stems from the program's failure to properly handle navigation failures...
iniNet SpiderControl SCADA WebServer Cross-Site Scripting Vulnerability
The iniNet SpiderControl SCADA WebServer is a SCADA system server from iniNet Solutions, Switzerland. A cross-site scripting vulnerability exists in iniNet SpiderControl SCADA WebServer versions prior to 2.03.0001. A remote attacker can exploit this vulnerability by sending a specially crafted UR...
Cross site scripting
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature...
CVE-2018-12305
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript...
CVE-2018-12311
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename...
CVE-2018-12310
CVE-2018-12310 describes a cross-site scripting vulnerability in ASUSTOR ADM (login page, version 3.1.1) where an attacker can inject JavaScript through the System Announcement feature. Affected component: ASUSTOR ADM login flow. Underlying issue: stored/reflected XSS in the login surface (detail...
Cross site scripting
Cross-site scripting in the /DroboAccess/deleteuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter...
CVE-2018-14698
CVE-2018-14698 concerns a cross-site scripting flaw in Drobo 5N2 NAS, specifically in the /DroboAccess/delete_user endpoint. The vulnerability allows an attacker to inject JavaScript via the username URL parameter in Drobo 5N2 NAS version 4.0.5-13.28.96115. NVD data lists CVSS v3 base score 6.1 (...
CVE-2018-14697
Cross-site scripting in the /DroboAccess/enableuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter...