Observium cross-site scripting vulnerability (CNVD-2020-62447)
Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. A cross-site scripting vulnerability exists in pages/contacts.inc.php in Observium. An attacker can exploit this vulnerability to inject and store...
Observium Cross-Site Scripting Vulnerability
Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject and store malicious JavaScript code via...
CVE-2020-15162 Stored XSS in PrestaShop
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8...
WordPress Click To Top Plugin Stored Cross-Site Scripting Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A stored cross-site scripting vulnerability exists in the WordPress Click To Top plugin. An...
PT-2020-3926 · Microsoft · Windows +1
Name of the Vulnerable Software and Affected Versions: Microsoft Component Object Model (COM), affected versions not specified. Description: The issue is related to errors in processing input data in the Microsoft Component Object Model (COM) component of Windows operating systems. It allows a remote...
Cross-Site Scripting in bootstrap-vue
Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser...
GHSA-C7PP-X73H-4M2V Cross-Site Scripting in bootstrap-vue
Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser...
Cross-Site Scripting (XSS)
highcharts is vulnerable to cross-site scripting (XSS). The lack of sanitization of href values and the absence of any URL scheme restriction allow an attacker to inject malicious JavaScript that is executed when a user visits the page...
CVE-2019-20152
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...
Cross site scripting
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...
Mozilla: Information disclosure due to manipulated URL object
The Mozilla Foundation Security Advisory describes this flaw as: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript...
CVE-2020-4052
In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly-braces. By creating a crafted wiki page, a malicious Wiki.j...
GHSA-R24H-634P-M72X Validation Bypass in schema-inspector
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...
The vulnerability of the microprogramming software of the programmable logic controller SIMATIC S7-1200 allows an intruder to execute malicious JavaScript code.
The vulnerability of the microprogrammed control system for the SIMATIC S7-1200 programmable logic controller is related to the lack of security measures taken for the web server. Exploiting this vulnerability allows a malicious actor to execute malicious JavaScript code remotely...