
2179 matches found

Hacker One
added 2018/03/27 1:52 p.m., 21 views

Node.js third-party modules: [html-pages] Stored XSS in the filename when directories listing

I would like to report a Stored XSS vulnerability in html-pages. It allows executing malicious javascript code in the user's browser. Module: module name: html-pages, version: 2.1.1, npm page: https://www.npmjs.com/package/html-pages. Module Description: Simple development http server for file serving a...

CVSS 4.3, AI score 5.9, EPSS 0.00691
Exploits: 1

RedhatCVE
added 2018/03/22 10:18 a.m., 29 views

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVSS 6.1, AI score 3.6, EPSS 0.25459
Exploits: 1, References: 2

CNVD
added 2018/03/19 12:0 a.m., 3 views

Bookme Control Panel Cross-Site Scripting Vulnerability

Bookme Control Panel is an online booking plugin for use in WordPress. A cross-site scripting vulnerability exists in the Customers 'Book Me' feature in version 2.0 of Bookme Control Panel, which stems from the program failing to filter user-submitted input. A remote attacker can exploit this...

CVSS 5.4, AI score 6.4, EPSS 0.00545
Exploits: 1, References: 1

FreeBSD
added 2018/03/18 12:0 a.m., 29 views

Jupyter Notebook -- vulnerability

MITRE reports: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

CVSS 7.8, AI score 7.6, EPSS 0.011
Exploits: 0, References: 1

Prion
added 2018/03/14 1:29 p.m., 22 views

Cross site scripting

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVSS 4.3, AI score 6.2, EPSS 0.25459
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2018/03/14 1:29 p.m., 48 views

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVSS 6.1, AI score 6.1, EPSS 0.25459
Exploits: 1, References: 4

OSV
added 2018/03/14 1:29 p.m., 32 views

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVSS 6.1, AI score 6.2
Exploits: 0, References: 4

Cvelist
added 2018/03/14 1:0 p.m., 44 views

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

AI score 6, EPSS 0.25459
Exploits: 1, References: 4

Prion
added 2018/03/09 4:29 p.m., 15 views

Cross site scripting

Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript...

CVSS 4.3, AI score 6, EPSS 0.0062
Exploits: 1, References: 1, Affected Software: 1

CNVD
added 2018/03/07 12:0 a.m., 2 views

Magento cross-site scripting vulnerability (CNVD-2018-04517)

Magento is an open source PHP e-commerce system from Magento, which provides permission management, search engine and payment gateway. Magento has a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript script code...

AI score 6.3
Exploits: 0, References: 1

Prion
added 2018/02/21 1:29 a.m., 14 views

Cross site scripting

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

CVSS 4.3, AI score 6.2, EPSS 0.00793
Exploits: 1, References: 1, Affected Software: 2

Prion
added 2018/02/21 1:29 a.m., 10 views

Cross site scripting

An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

CVSS 4.3, AI score 6.2, EPSS 0.00793
Exploits: 1, References: 1, Affected Software: 2

Cvelist
added 2018/02/21 1:0 a.m., 24 views

CVE-2018-7278

An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

AI score 6.3, EPSS 0.00793
Exploits: 1, References: 1

Cvelist
added 2018/02/20 3:0 p.m., 23 views

CVE-2018-7205

Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages - Edit template properties - Device Layouts - Create devic...

AI score 5.2, EPSS 0.00877
Exploits: 3, References: 1

Prion
added 2018/01/26 8:29 p.m., 18 views

Input validation

DISPUTED In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their...

CVSS 4.3, AI score 6.5, EPSS 0.0122
Exploits: 2, References: 1, Affected Software: 1

Cvelist
added 2018/01/26 8:0 p.m., 20 views

CVE-2017-14522

In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...

AI score 6.5, EPSS 0.0122
Exploits: 2, References: 1

CVE
added 2018/01/26 8:0 p.m., 58 views

CVE-2017-14522

Summary: CVE-2017-14522 affects WonderCMS 2.3.1, where input fields can accept arbitrary data and lead to execution of malicious JavaScript. Multiple sources corroborate a stored XSS risk in WonderCMS 2.3.1, with vendor dispute that this is a feature allowing only a logged-in administrator to wri...

CVSS 6.1, AI score 6.4, EPSS 0.0122
Exploits: 2, References: 1, Affected Software: 1

CNVD
added 2018/01/23 12:0 a.m., 2 views

711cms V1.0.5 has cross-site scripting vulnerability

711cms is the first open source cms for APP application market, pc station + wap station + APP native client three stations in one, to provide a complete APP application market construction, operation and promotion of one-stop solution. A cross-site scripting vulnerability exists in version 711cm...

AI score 6.3
Exploits: 0

Prion
added 2018/01/08 3:29 a.m., 17 views

Cross site scripting

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross...

CVSS 3.5, AI score 5.6, EPSS 0.00809
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/01/08 3:29 a.m., 17 views

CVE-2018-5071

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross...

CVSS 5.4, AI score 5.6, EPSS 0.00809
Exploits: 1, References: 1