2304 matches found
Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2020-31427)
Atlassian Fisheye and Crucible are both products of the Australian company Atlassian, Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in Atlassian Fisheye and Crucible versions prior to 4.8.2...
Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2020-31421)
Atlassian Fisheye and Crucible are both products of the Australian company Atlassian, Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in Atlassian Fisheye and Crucible versions prior to 4.8.1...
Tecnick.com TCExam Cross-Site Scripting Vulnerability (CNVD-2020-32375)
Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A cross-site scripting vulnerability exists in Tecnick.com TCExam version 14.2.2, which can be exploited by remote attackers to inject malicious JavaScript code b...
CVE-2020-10603
WebAccess/NMS versions prior to 3.0.2 does not properly sanitize user input and may allow an attacker to inject system commands remotely...
CVE-2020-5552
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the 1 link, 2 logo.link, or 3 aboutlink parameter, or a nested URI scheme name for 4 javascript, 5 asfunction, or 6 vbscript...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a 1 tag name to the Shortlog table in templates/shortlog.php or branch name to the 2 Shortlog table in templates/shortlog.php or 3 Heads table in...
Electronic Logbook (ELOG) Cross-Site Scripting Vulnerability (CNVD-2020-14077)
ELOG is a web application written in C by Stefan Ritt that can be used to create personal and frequently used logs. A cross-site scripting vulnerability exists in Electronic Logbook ELOG 3.1.4. A remote attacker can exploit this vulnerability by injecting arbitrary web script or HTML into elogd.c...
PT-2020-7693 · Unknown · Déjà Vu Crescendo Sales Crm
Name of the Vulnerable Software and Affected Versions: Déjà Vu Crescendo Sales CRM affected versions not specified Description: The issue is related to a remote SQL Injection. No further details are provided about the estimated number of potentially affected devices or real-world incidents...
Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2020-04071)
Atlassian Fisheye and Crucible are both products of the Australian company Atlassian, Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in the review resources in Atlassian Fisheye and Crucible...
CVE-2019-6029
Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-6031
Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader...
IBM Cognos Analytics Cross-Site Scripting Vulnerability (NVD-C-2019-212010)
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...
CVE-2019-19830
core/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database...
CVE-2019-19387
A cross-site scripting XSS vulnerability in app/fifolist/fifointeractive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter...
FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-43412)
FusionPBX is an open source enterprise IPPBX interface management system based on FreeSWITHC. A cross-site scripting vulnerability exists in app/fax/faxlogview.php in FusionPBX 4.4.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the faxuuid parameter...
DEBIAN-CVE-2015-2793
Cross-site scripting XSS vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openididentifier parameter in a verify action to ikiwiki.cgi...
Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light
A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using spoken words. Dubbed 'Light Commands,' the hack relies on a vulnerability i...
Cross site scripting
A cross-site scripting XSS vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version...
Cross-Site Scripting (XSS)
hexo-admin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the post-editor. Successful exploitation can result in the theft of session cookies or execution of unauthorized actions on behalf of the user...