5954 matches found
CVE-2017-11560
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the applicatio...
Microsoft Internet Explorer 11 - Sandbox Escape Exploit
Exploit for Windows platform in category local exploits. Inject into IE11. Will work on other sandboxes that allow the opening of Windows filepickers through a broker. You will gain medium IL JavaScript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...
Design/Logic Flaw
An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment ...
Design/Logic Flaw
An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...
CVE-2019-10067
An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...
DEBIAN-CVE-2019-10067
An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...
UBUNTU-CVE-2019-10067
An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...
CVE-2019-10066
An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment ...
DEBIAN-CVE-2019-10066
An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment ...
Microsoft Internet Explorer 11 - Sandbox Escape
Microsoft Internet Explorer 11 - Sandbox Escape. Inject into IE11. Will work on other sandboxes that allow the opening of Windows filepickers through a broker. You will gain medium IL JavaScript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...
Microsoft Internet Explorer 11 - Sandbox Escape
Inject into IE11. Will work on other sandboxes that allow the opening of Windows filepickers through a broker. You will gain medium IL JavaScript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...
CVE-2019-10066
Open Ticket Request System (OTRS) 7.x up to 7.0.6, Community Edition 6.0.x up to 6.0.17, and OTRSAppointmentCalendar 5.0.x up to 5.0.12 are affected by CVE-2019-10066. The issue allows an attacker who is logged in as an OTRS agent with appropriate permissions to craft a calendar appointment that ...
PT-2019-11414 · Otrs +2
Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 7.x through 7.0.6; Open Ticket Request System OTRS Community Edition versions 5.0.x through 5.0.35; Open Ticket Request System OTRS Community Edition versions 6.0.x through 6.0.17. Description: An issue w...
Microsoft SharePoint Server CVE-2019-0963 Cross Site Scripting Vulnerability
Description: Microsoft SharePoint Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Cross site scripting
Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL...
CVE-2018-12303
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...
CVE-2018-12297
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names...
Cross site scripting
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter...
Cross site scripting
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...