5964 matches found
CVE-2018-5799
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATIONNAME= URI, aka SD-69139...
WordPress Duplicator Plugin Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Duplicator plugin version 1.2.32, which can be exploited by an...
Jupyter Notebook JavaScript Malicious Fake File Vulnerability
Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. A security vulnerability exists in Jupyter Notebook versions prior to 5.4.1. An attacker can exploit this vulnerability to execute JavaScript code in a notepad context with t...
Jolokia Agent Cross-Site Scripting Vulnerability
Jolokia is a use of JSON via Http to achieve JMX remote management of open source projects , it provides JMX batch operation , security policies , etc. Jolokia agent is one of the agent . Jolokia agent 1.3.7 version of the HTTP servlet has a cross-site scripting vulnerability . A remote attacker...
CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
Design/Logic Flaw
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
UBUNTU-CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
DEBIAN-CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
CVE-2018-8768
CVE-2018-8768 affects Jupyter Notebook up to version 5.4.1. A maliciously forged notebook can bypass sanitization, allowing JavaScript execution in the notebook context due to how invalid HTML is fixed by jQuery after sanitization (XSS risk). The issue is documented in multiple advisories (Debian...
CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
ClusterLabs pcs Cross-Site Scripting Vulnerability
ClusterLabs pcs is a command line tool for configuring Pacemaker. A cross-site scripting vulnerability exists in versions of ClusterLabs pcs prior to 0.9.157 that stems from the program failing to properly validate the Node name field. An attacker can exploit the vulnerability to run JavaScript...
pym.js CSRF Vulnerability
NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...
CVE-2018-1000086
NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The application does not sanitize the MenuItem variable, allowing a malicious user to inject and execute arbitrary Javascript...
Grab: [growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite
Hi, An encoded injection in the q parameter on my.html can be used to reflect JavaScript in the growth.grab.com context. This microsite creates a "Grab's Valentine" card for a driver over the past year, and carries its data in Base64 format. Proof of concept Please visit the following URL, scroll...
Mautic Cross-Site Scripting Vulnerability
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in Company name in Mautic 2.11.0 and earlier versions. A remote attacker can exploit this vulnerability to...
Invoice Plane Cross-Site Scripting Vulnerability (CNVD-2018-04555)
InvoicePlane is an open source financial system. The system has features to manage quotes, invoices and payments. A cross-site scripting vulnerability exists in the client email field in InvoicePlane 1.5.4 and prior versions. A remote attacker can exploit this vulnerability to execute JavaScript...
Dolibarr cross-site scripting vulnerability (CNVD-2018-04561)
Dolibarr is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, etc. Product details is one of the product details module. A cross-site scriptin...