Cross-Site Scripting (XSS)

nexus-repository is vulnerable to cross-site scripting XSS. A lack of input validation and output sanitization allows a remote attacker to inject arbitrary Javascript into victim's browser through multiple parameters...

Cross-Site Scripting (XSS)

nexus-core is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the repoId and format parameters of the healthCheckFileDetail function, the file name in the File Upload functionality of Staging Upload, the username when...

Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript through the content, url and name parameters under the Dashboard settings. This CVE ID is different from CVE-2018-18623 and CVE-2018-18625...

Cross-Site Scripting (XSS)

apache-airflow is vulnerable to cross-site scripting XSS. An admin user is able to inject arbitrary Javascript into a victim's browser through the modification of state of objects in the metadata database, which would execute on certain page views...

WordPress plugin 'FormCraft' cross-site request forgery vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin 'FormCraft'. If a user logs into the WordPress admi...

WordPress plugin "FormCraft" vulnerable to cross-site request forgery

Overview The WordPress plugin "FormCraft" provided by nCrafts contains a cross-site request forgery vulnerability CWE-352. Masaki Saito of TDU Cryptography Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

X (Formerly Twitter): Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect

Summary: com.twitter.android.lite.TwitterLiteActivity is set to exported and doesn't validate data pass to intent due to which this activity vulnerable to steal users local files, javascript injection and open redirect. Description: com.twitter.android.lite.TwitterLiteActivity is set to exported ...

The vulnerability of the Zone configuration component of the Juniper ATP intrusion prevention system allows a intruder to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the Zone configuration component of the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the loaded page and gain access to protected da...

The vulnerability of the Email Collectors component in the Juniper ATP intrusion prevention system allows a intruder to inject any arbitrary JavaScript code into the uploaded page and gain access to protected data.

The vulnerability of the Email Collectors component in the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected da...

The vulnerability of the RADIUS configuration menu component of the Juniper ATP intrusion prevention system allows a intruder to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the RADIUS configuration menu of the Juniper ATP intrusion prevention system is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected...

The vulnerability of the Snort Rules configuration component of the Juniper ATP intrusion prevention system allows a perpetrator to inject arbitrary JavaScript code into the uploaded page and gain access to the protected data.

The vulnerability of the Snort Rules configuration component of the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to...

The vulnerability of the Golden VM component in the Juniper ATP intrusion prevention system allows a intruder to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the Golden VM component in the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected data...

The vulnerability of the Cisco Prime Network lifecycle management software allows a hacker to inject any HTML or JavaScript code into the loaded page.

The vulnerability of the Cisco Prime Network lifecycle management software is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to inject arbitrary HTML or JavaScript code into the uploaded page through a specially crafted link...

The vulnerability of the file upload menu component in the Juniper ATP intrusion prevention system allows a intruder to inject any desired JavaScript code into the uploaded page and gain access to protected data.

The vulnerability of the file upload menu component in the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected da...

The vulnerability in the web interface of the Cisco Identity Services Engine allows a perpetrator to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the Cisco Identity Services Engine web interface relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the loaded page and gain access to protected data by redirecting users to a...

The vulnerability in the web interface of the operating system PAN-OS allows a hacker to inject any desired JavaScript or HTML code into the web page that is being uploaded.

The vulnerability of the PAN-OS operating system’s web interface exists due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code into the loaded web page from a remote location...

The vulnerability of the PAN-OS operating system arises from insufficient protection of the web page structure, allowing attackers to inject any desired JavaScript or HTML code into the loaded web page.

The vulnerability of the PAN-OS operating system exists due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code into the loaded web page from a remote location...

Zuz Music 2.1 - zuzconsole___contact Persistent Cross-Site Scripting

Zuz Music 2.1 - zuzconsolecontact Persistent Cross-Site Scripting Exploit Title: Zuz Music 2.1 - 'zuzconsole/contact ' Persistent Cross-site Scripting Google Dork: N/A Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage:...

CVE-2018-20232

The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the rendering of retrieved content from a url location that could be...

Stored Cross-Site Scripting Vulnerability in the Daimi CMS da***.me***.php File (CNVD-2019-06660)

DAMI CMS is a PC building station and cell phone building station integrated all-in-one system. A stored cross-site scripting vulnerability exists in the dam.mem.php file of the Dami CMS. An attacker can insert malicious js code into the page to obtain user cookies and other information, leading ...