
5077 matches found

OpenVAS
added 2020/04/03 12:0 a.m. | 20 views

DrayTek Vigor2700 Series < 2.8.4 Javascript Injection Vulnerability

Multiple DrayTek Vigor Routers are prone to a JavaScript injection vulnerability.

6.8 CVSS | 0.2 AI score | 0.0126 EPSS
Exploits: 0 | References: 2
Veracode
added 2020/04/01 12:38 a.m. | 7 views

Cross-Site Scripting (XSS)

squid is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the username or auth parameter in cachemgr.cgi...

6.1 CVSS | 6.5 AI score | 0.74477 EPSS
Exploits: 1 | References: 22 | Affected Software: 2
CNVD
added 2020/04/01 12:0 a.m. | 1 views

IBM Tivoli Netcool Impact Cross-Site Scripting Vulnerability (CNVD-2020-20671)

IBM Tivoli Netcool Impact is a suite of network management software from IBM in the United States. The software has the ability to automate business-critical functions and provide a platform that provides unified access to real-time data, events and indicators. A cross-site scripting vulnerabilit...

5.4 CVSS | 6.4 AI score | 0.00673 EPSS
Exploits: 0 | References: 1
OSV
added 2020/03/26 1:15 p.m. | 4 views

CVE-2020-5339

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript...

4.8 CVSS | 5.8 AI score | 0.00669 EPSS
Exploits: 0 | References: 1
Veracode
added 2020/03/26 6:48 a.m. | 24 views

Cross-Site Scripting (XSS)

github.com/hashicorp/nomad is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute JavaScript in a user's browser via a malicious workload in the cluster. The user's browser executes the file when it is displayed in its raw form from the API or UI...

5.4 CVSS | 2.7 AI score | 0.0067 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
Atlassian
added 2020/03/24 1:48 a.m. | 171 views

Stored XSS via malicious file upload - CVE-2020-14173

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability. Affected versions version 8.5.4 8.6.0 ≤ version ≤ 8.7.0 8.7.0 ≤ version 8.7.1 Fixed versions 8.5.4 8.7...

5.4 CVSS | 4.5 AI score | 0.00886 EPSS
Exploits: 0 | Affected Software: 1
CNVD
added 2020/03/20 12:0 a.m. | 2 views

Apache DeltaSpike Injection Vulnerability

Apache DeltaSpike is a portable CDI extension suite from the Apache Software Foundation (USA). A security vulnerability exists in the windowhandler.js file in Apache DeltaSpike 1.9.2 and earlier versions. An attacker can exploit the vulnerability to inject JavaScript code...

6.1 CVSS | 8 AI score | 0.02647 EPSS
Exploits: 1
OSV
added 2020/03/19 6:15 p.m. | 1 views

DEBIAN-CVE-2019-16375

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious...

5.4 CVSS | 5.6 AI score | 0.01123 EPSS
Exploits: 0 | References: 1
OSV
added 2020/03/19 6:15 p.m. | 0 views

UBUNTU-CVE-2019-16375

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious...

5.4 CVSS | 6.2 AI score | 0.01123 EPSS
Exploits: 0 | References: 5
OSV
added 2020/03/13 4:15 p.m. | 3 views

CVE-2020-10196

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several o...

6.1 CVSS | 6.5 AI score
Exploits: 0 | References: 2
Positive Technologies
added 2020/03/13 12:0 a.m. | 5 views

PT-2020-11969 · WordPress · Popup Builder

Name of the Vulnerable Software and Affected Versions: popup-builder plugin versions prior to 3.64.1 Description: The issue allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. An unauthenticated attacker can insert...

6.1 CVSS | 6.4 AI score | 0.01421 EPSS
Exploits: 1 | References: 6
CNVD
added 2020/03/10 12:0 a.m. | 4 views

Munkireport Cross-Site Scripting Vulnerability (CNVD-2020-16631)

Munkireport is a reporting client for munki. A cross-site scripting vulnerability exists in Munkireport versions prior to 5.3.0. An attacker can exploit this vulnerability by injecting javascript into the comment field via the /module/comment/save endpoint...

5.4 CVSS | 6.2 AI score | 0.00598 EPSS
Exploits: 1 | References: 1
NVD
added 2020/03/09 7:15 p.m. | 13 views

CVE-2020-9758

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...

9.6 CVSS | 9.5 AI score | 0.02465 EPSS
Exploits: 0 | References: 1
Prion
added 2020/03/09 7:15 p.m. | 12 views

Design/Logic Flaw

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...

4.3 CVSS | 9.3 AI score | 0.02465 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/03/09 6:27 p.m. | 12 views

CVE-2020-9758

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...

9.5 AI score | 0.02465 EPSS
Exploits: 0 | References: 1
CVE
added 2020/03/09 6:27 p.m. | 67 views

CVE-2020-9758

LiveZilla Live Chat 8.0.1.3 (Helpdesk) is affected by CVE-2020-9758 due to a blind JavaScript injection in chat.php (name parameter). This stored XSS can reveal usernames/passwords stored in the database via the mobile/chat URI (lgn/psswrd), enabling privilege escalation from unauthenticated to u...

9.6 CVSS | 9.4 AI score | 0.02465 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2020/03/09 12:0 a.m. | 21 views

CVE-2020-9758

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...

9.6 CVSS | 1.3 AI score | 0.02465 EPSS
Exploits: 0 | References: 2
OSV
added 2020/03/07 1:15 a.m. | 0 views

UBUNTU-CVE-2020-9281

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

6.1 CVSS | 6.7 AI score | 0.04327 EPSS
Exploits: 0 | References: 5
CVE
added 2020/03/04 6:11 p.m. | 125 views

CVE-2020-9371

The CVE refers to the WordPress plugin Appointment Booking Calendar (cpabc_appointments.php). A Stored XSS exists in the Calendar Name input, allowing injection of arbitrary JavaScript/HTML in versions prior to 1.3.35. The vulnerability is triggered through normal admin functionality when creatin...

4.8 CVSS | 5 AI score | 0.03591 EPSS
Exploits: 5 | References: 5 | Affected Software: 1
OpenVAS
added 2020/02/27 12:0 a.m. | 31 views

CentOS: Security Advisory for thunderbird (CESA-2020:0574)

The remote host is missing an update for the...

8.8 CVSS | 7.3 AI score | 0.02274 EPSS
Exploits: 1 | References: 2