krpano Panorama Viewer Cross-Site Scripting Vulnerability
krpano Panorama Viewer is software for viewing panorama files from the German company krpano. The software supports high-resolution images, interactive virtual roaming, custom-designed user interface, and other features. A cross-site scripting vulnerability exists in krpano Panorama Viewer in...
The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of Adobe Connect’s instant messaging program lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
Brave Software: Arbitrary file download due to bad handling of Redirects in WebTorrent
Summary: Previously I reported 963155 how an attacker can trick user into downloading malicious files using ".save torrent" feature. In this report I am going to reproduce the same behavior but by abusing a different feature. Description While I was testing webtorrent on brave I noticed that...
Brave Software: Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS
Summary: An attacker can use the "Save .torrent file" option in WebTorrent to smuggle malicious files onto the client's machine. Description Brave allows users to download the ".torrent" via WebTorrent. WebTorrent decides whether a file is torrent or not based on the following headers...
PT-2020-6126 · Lxml +9
Name of the Vulnerable Software and Affected Versions: lxml versions prior to 4.6.3 Description: A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. The issue arises when the safe_attrs_only and forms arguments are disabled in...
IBM Tivoli Netcool Impact Cross-Site Scripting Vulnerability (CNVD-2020-20671)
IBM Tivoli Netcool Impact is a suite of network management software from IBM in the United States. The software has the ability to automate business-critical functions and provide a platform that provides unified access to real-time data, events and indicators. A cross-site scripting vulnerabilit...
IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability
IBM WebSphere Application Server Liberty is a Java application server from IBM in the United States, built on the Open Liberty project. A cross-site scripting vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 19.0.0.11. A remote attacker can exploit this...
CVE-2019-13392
A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that th...
The vulnerability of the Palo Alto Networks MineMeld software lies in the lack of protection for website structures, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the Palo Alto Networks MineMeld software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2019-23520)
IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be exploited by...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2019-20850)
IBM Rational Collaborative Lifecycle Management (CLM) is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines three products, RTC, RQM, and RRC, in a single IBM SmartCloud Enterprise cloud environment image to provide requirements management,...
Vulnerability of the software complex: Regional electronic budget. An integration platform related to insufficient protection of web page structures, allowing attackers to execute arbitrary JavaScript code in the user’s browser.
Vulnerability of the software complex: Regional electronic budget. The integration platform is associated with insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of the Expedition Migration tool, which exists due to the lack of measures taken to protect the website structure, allows a hacker to execute arbitrary JavaScript or HTML code.
The vulnerability of the Network Configuration Transfer tool exists because no measures have been taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript or HTML code remotely...
PHP League CommonMark library cross-site scripting vulnerability
PHP League CommonMark library is a PHP-based Markdown parser from the Extraordinary Packages consortium. A cross-site scripting vulnerability exists in PHP League CommonMark library versions prior to 0.18.3, which stems from the program failing to properly escape double-encoded HTML entities. A...
The vulnerability of the Cisco Jabber Client Framework software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to execute any JavaScript script they desire.
The vulnerability of the Cisco Jabber Client Framework exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute any arbitrary JavaScript script remotely...
CVE-2018-0723
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0724...
WordPress Mondula Multi Step Form Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it can be used to set up a personal blog site on servers that support PHP and MySQL. Mondula Multi Step Form is one of its drag-and-drop form builder plugins. A cross-site scripting...
IBM Security Guardium Cross-Site Scripting Vulnerability (CNVD-2018-26034)
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A cross-site scripting vulnerability exists in IBM Security Guardium...