3009 matches found
npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function deleteFunctions within index.js
A flaw was found in the serialize-javascript before version 3.1.0. This flaw allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js."...
Cross site scripting
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml...
RHEL 8 : Red Hat OpenShift Service Mesh servicemesh-grafana (RHSA-2020:2796)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2796 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
CVE-2019-20414
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2...
XSS in WYSIWYG editor via pasted code - CVE-2020-14164
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the WYSIWYG editor. The affected versions are before 8.5.9, and from version 8.6.0 before 8.8.2. Affected versions: version...
CVE-2020-7660
A flaw was found in the serialize-javascript before version 3.1.0. This flaw allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js."...
CVE-2020-7660
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...
CVE-2020-7660
CVE-2020-7660 affects the serialize-javascript package prior to 3.1.0, where the function named deleteFunctions in index.js can be abused by a remote attacker to inject arbitrary code. The vulnerability enables remote code execution with network access and no authentication, with potential for hi...
The vulnerability of the Central Control Server (CCS) and the Video Server of Siemens’ SiNVR 3 solution, related to the lack of measures for cleaning input data, allows an intruder to inject malicious code into the web application of the Central Control Server.
The vulnerability of the Central Control Server (CCS) and the video server of Siemens’ SiNVR 3 solution relates to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to inject malicious code into the web application of the Central Control Server...
Centreon host-monitoring widget, service-monitoring widget and tactical-overview widget cross-site scripting vulnerabilities (CNVD-2021-28003)
Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring of network, system and application resources. The host-monitoring widget is one of its host monitoring widgets. The service-monitoring widget is one of the...
CVE-2020-13628
CVE-2020-13628 is a cross-site scripting (XSS) vulnerability in Centreon’s web widgets. The flaw allows remote attackers to inject arbitrary script or HTML via the widgetId parameter in host-monitoring/src/toolbar.php. Affected components and fixes are documented across multiple Centreon widgets:...
CVE-2020-12706
The CVE-2020-12706 issue affects PHP-Fusion 9.03.50, where multiple stored Cross-site Scripting vulnerabilities exist in the FAQ admin and shoutbox admin paths (faq/faq_admin.php and shoutbox_panel/shoutbox_admin.php) via the go parameter. Attackers can inject arbitrary scripts to the affected pa...
IBM Tivoli Netcool Impact Cross-Site Scripting Vulnerability (CNVD-2020-19258)
IBM Tivoli Netcool Impact is a suite of network management software from IBM in the United States. The software has the ability to automate business-critical functions and provide a platform that provides unified access to real-time data, events and indicators. A cross-site scripting vulnerabilit...
CVE-2019-13463
CVE-2019-13463 describes an XSS vulnerability in the WordPress plugin Simple Link Directory (qcopd-shortcode-generator.php) prior to version 7.3.5. The root cause is that esc_html is not applied to the output statements, specifically echo get_the_title() and echo $term->name, allowing remote ...
Electronic Arts Origin Client Remote Code Injection (CVE-2019-11354)
A template injection vulnerability exists in the Electronic Arts Origin Client. The vulnerability is due to improper validation of data in the title parameter. Successful exploitation could result in command execution on the target machine in the context of the application...
CVE-2014-9606
Netsweeper CVE-2014-9606 involves multiple XSS vulnerabilities in Netsweeper releases: 3.1.10 and older 4.0.x (before 4.0.9) and 4.1.x (before 4.1.2). The XSS can be triggered by specially crafted inputs in five vectors: (1) server parameter to remotereporter/load_logfiles.php, (2) customctid to ...
Cisco Jabber Guest WEB Interface Cross-Site Scripting Vulnerability
Cisco Jabber Guest is a consumer-to-business (C2B) solution. A cross-site scripting vulnerability exists in the Cisco Jabber Guest WEB interface, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain sensitive information or hijack user sessio...
CVE-2013-3565
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...
CVE-2013-3322
CVE-2013-3322 affects NetApp OnCommand System Manager (versions <= 2.1 and
Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2018-1305)
The remote host is missing an update for the Huawei EulerOS...