556 matches found
CVE-2018-19493
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding...
CVE-2018-19493
Removed by vendor...
Cross-Site Scripting (XSS)
uima-ducc-web is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via multiple parameters due to the lack of output encoding...
Cross site scripting
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element...
Cross-site Scripting (XSS)
mermaid is vulnerable to Cross-Site Scripting. Due to improper output encoding, a malicious input such as A"" can be provided to the application, allowing a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2019-6796
Removed by vendor...
Node.js third-party modules: [file-browser] Inadequate Output Encoding and Escaping
I would like to report stored XSS in file-browser module. It allows an attacker to embed malicious JS code as filenames, which get executed once browsed to the file over the web browser. Module module name: file-browser version: 0.0.5 npm page: https://www.npmjs.com/package/file-browser Module...
Cross-Site Scripting (XSS)
dolibarr is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the transphrase parameter in notice.php due to the application not performing output encoding before displaying on the user's browser...
Bayanno Hospital Management System 4.0 Cross Site Scripting
Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting Date: 2018-09-05 Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621 Exploit Author: Gokhan Sagoglu Vendor Homepage: http://creativeitem.com/ Version: v4.0 Live Demo:...
Bayanno Hospital Management System 4.0 - Cross-Site Scripting
Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting Date: 2018-09-05 Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621 Exploit Author: Gokhan Sagoglu Vendor Homepage: http://creativeitem.com/ Version: v4.0 Live Demo:...
GitLab Cross-Site Scripting Vulnerability (CNVD-2018-16519)
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to GitHub for accessing the contents of a project's files, commit history, bug lists, and more. A cross-site scriptin...
GitLab Cross-Site Scripting Vulnerability (CNVD-2018-16515)
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to GitHub for accessing the contents of a project's files, commit history, bug lists, and more. A cross-site scriptin...
Cross site scripting
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding...
Cross-Site Scripting (XSS)
statics-server is vulnerable to cross-site scripting (XSS). It is possible for an attacker to inject malicious iframe tags via the filename parameter and execute arbitrary JavaScript code. This is due to a lack of output encoding when the statics-server displays the directory index...
Design/Logic Flaw
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in a CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security...
Dolibarr ERP/CRM Cross-Site Scripting Vulnerability (CNVD-2018-08347)
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in several pages i...
[SECURITY] Fedora 27 Update: php-phpmyadmin-motranslator-4.0-1.fc27
Translation API for PHP using Gettext MO files. Features All strings are stored in memory for fast lookup Fast loading of MO files Low level API for reading MO files Emulation of Gettext API No use of eval for plural equation Limitations Not suitable for huge MO files which you don't want to stor...
Audio Cutter Software - Code Injection Vulnerability
Exploit for windows platform in category dos / poc Technical Details: ================= Vulnerability Title: Audio Cutter Software - Code Injection Vulnerability Tool Name: Weeny Audio Cutter Software v1.5 Critical Level: High Author: Ajay Gowtham aka AJOXR Blackhat forums Type: Software Security...
OpenText Document Sciences xPression 4.5SP1 Patch 13 Cross Site Scripting
Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - Cross-Site Scripting Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14755 Affected Software: ================== OpenText Document Sciences xPression formerly EMC Document Sciences xPression...