5964 matches found
The vulnerability in the Kaspersky Security Center 10 web console allows a malicious individual to gain access to the software’s functions and execute arbitrary JavaScript code on the client side.
The vulnerability in Kaspersky Security Center 10 exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability can allow a malicious actor to gain access to software functions and execute arbitrary JavaScript code on the client side using a specially...
Cross site scripting
Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...
CVE-2017-16356
Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...
CVE-2017-16356
Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...
F-Secure Radar Cross Site Scripting
F-Secure Radar Persistent Cross-Site Scripting Vulnerability CVE-2018-6189 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6189 Summary The application can suggest metadata tags for assets, and in doing so it can execute JavaScript entered previously by a malicious user. Vendor Description...
UBUNTU-CVE-2017-1000509
Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code...
CVE-2017-1000507
Canvs Canvas 3.4.2 is affected by a Cross Site Scripting (XSS) vulnerability in User’s details. The provided connected documents identify the issue but do not specify root cause details, affected subcomponents beyond the User’s details, exploit status, or a confirmed patch version. Potential impa...
CVE-2018-1401
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437...
The vulnerability of the CDVInAppBrowser class in Cordova In-App-Browser extensions allows a hacker to elevate their privileges and execute arbitrary JavaScript code.
The vulnerability of the CDVInAppBrowser extension in Cordova In-App-Browsers is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and enhance their privileges through specially crafted URIs...
CVE-2017-14522
In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...
CVE-2017-14522
In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...
PT-2018-5678 · Wondercms · Wondercms
Name of the Vulnerable Software and Affected Versions: WonderCMS version 2.3.1 Description: The application's input fields accept arbitrary user input, resulting in the execution of malicious JavaScript. It is noted that the vendor disputes this issue, stating it is a feature that enables only a...
PT-2018-5948 · Ibm · Ibm Doors Web Access
Name of the Vulnerable Software and Affected Versions: IBM Doors Web Access versions 9.5 through 9.6 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
WordPress Soundy Audio Playlist Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers.Soundy Audio Playlist plugin is an audio playlist component used in ... A cross-site scripting vulnerability exists in WordPress Soun...
UBUNTU-CVE-2017-12098
An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...
Cross site scripting
An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...
Sulu-standard cross-site scripting vulnerability
Sulu-standard is an open source CMS Content Management System based on the Symfony PHP framework of the standard version . A cross-site scripting vulnerability exists in the page used to create pages in Sulu-standard version 1.6.6. A remote attacker could exploit this vulnerability to cause a...
Cross site scripting
Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code...
CVE-2017-1000482
A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...
Mozilla: JavaScript Execution via RSS in mailbox:// origin
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...