5964 matches found
CVE-2018-19289
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
CVE-2018-19289
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
CVE-2018-19289
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
CVE-2018-19289
Valine v1.3.3 is affected by CVE-2018-19289: HTML injection can be triggered via an EMBED element in conjunction with a .pdf file, enabling JavaScript execution. Connected sources (GHSA/OSV) corroborate HTML injection in Valine and mention the embed policy bypass. No remediation/version patch det...
Information disclosure
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...
CVE-2018-2485
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...
CVE-2018-2485
The CVE-2018-2485 entry relates to SAP Fiori Client where a malicious app can cause the SAP Fiori app to execute JavaScript, enabling reading/writing information and invoking device JS APIs. Connected documents indicate SAP Fiori Client version 1.11.5 in Google Play addresses these issues, and us...
CVE-2018-2485
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...
CVE-2018-16474
CVE-2018-16474 concerns the Node.js module tianma-static . Concrete details show that all versions up to 1.0.4 are vulnerable to a stored XSS if an attacker can control the name of a file served by the module. Affected condition: filenames unsanitized, enabling arbitrary JavaScript execution when...
fat_free_crm gem XSS vulnerability via query parameter
FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on e...
F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2019-01909)
F5 BIG-IP is an all-in-one network device from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the Configuration utility page in F5 BIG-IP versions 13.0.0-13.1.1.1 and...
Advantech WebAccess Cross-Site Scripting Vulnerability (CNVD-2018-21798)
Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. A cross-site scripting vulnerability exists in Advantech...
ADB Epicentro Code Injection Vulnerability
ADB Epicentro is a set of firmware used in ADB gateway and router devices from ADB Switzerland. A code injection vulnerability exists in the 'form Language' parameter of the /ui/login page in ADB Epicentro version E7.3.2+, which can be exploited to execute JavaScript code by tricking a user into...
Cross-Site Scripting in public
Versions of public prior to 0.1.4 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation Upgrade to version 0.1.4 or later...
GHSA-8P5P-FF7X-HW7Q Cross-Site Scripting in public
Versions of public prior to 0.1.4 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation Upgrade to version 0.1.4 or later...
CVE-2018-7633
Code injection in the /ui/login form Language parameter in Epicentro E7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request...
CVE-2018-7633
Code injection in the /ui/login form Language parameter in Epicentro E7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request...
CVE-2018-1558
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2018-9078
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...
CVE-2018-10497
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...