Pixars Tractor Cross-Site Scripting Vulnerability

Pixars Tractor is a web rendering solution. The product includes features such as resource sharing controls, Python module extensions, and more. A cross-site scripting vulnerability exists in Pixars Tractor 2.2 and prior versions, which can be exploited by remote attackers to inject and execute...

DEBIAN-CVE-2018-18347

Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page...

ASUSTOR ADM File Explorer Cross-Site Scripting Vulnerability

ASUSTOR ADM is a set of operating systems from ASUSTOR dedicated to ASUSTOR NAS storage devices.File Explorer is one of the file browsers. A cross-site scripting vulnerability exists in File Explorer in ASUSTOR ADM version 3.1.1. A remote attacker can exploit this vulnerability to execute arbitra...

TerraMaster TOS Cross-Site Scripting Vulnerability

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization, etc. Text Editor is one of the text editor. A cross-site scripting vulnerability...

TOTOLINK A3002RU cross-site scripting vulnerability (CNVD-2018-24105)

TOTOLINK A3002RU is a wireless router product from Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the password.htm page in TOTOLINK A3002RU version 1.0.8. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code with the help of a username...

The vulnerability of the FortiOS operating system arises from insufficient protection of the web page structure, allowing attackers to inject arbitrary JavaScript or HTML code.

The vulnerability of the FortiOS operating system arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code remotely...

IBM WebSphere Application Server CacheMonitor Cross-Site Scripting Vulnerability

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the United States, which is a platform for Java EE and Web services applications and is the foundation of the IBM WebSphere software platform.CacheMonitor is one of the cache monitor...

F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2019-01909)

F5 BIG-IP is an all-in-one network device from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the Configuration utility page in F5 BIG-IP versions 13.0.0-13.1.1.1 and...

IBM Maximo Asset Management Cross-Site Scripting Vulnerability

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...

IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-20547)

IBM Rational Quality Manager RQM is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...

Gleez CMS Cross-Site Scripting Vulnerability

Gleez CMS is an extensible open source content management system CMS based on the Kohana framework. A cross-site scripting vulnerability exists in Gleez CMS version 1.2.0, which can be exploited by remote attackers to execute JavaScript code with the help of media/imagecache/resize page...

D-Link DIR-615 Cross-Site Scripting Vulnerability (CNVD-2018-16522)

D-Link DIR-615 is a small wireless router product from AUO D-Link. A cross-site scripting vulnerability exists in the D-Link DIR-615 version 20.07. A remote attacker can exploit this vulnerability by leveraging the 'description' field in the AddPortMapping UPnP SOAP request to inject JavaScript...

WolfCMS Cross-Site Scripting Vulnerability (CNVD-2018-16505)

WolfCMS is a PHP-based open source content management system CMS developed by the Wolf CMS team. The system provides user interface , templates , user management and rights management and other functions . A cross-site scripting vulnerability exists in WolfCMS version 0.8.3.1, which stems from th...

OWASP AntiSamy Cross-Site Scripting Vulnerability (CNVD-2018-16313)

OWASP AntiSamy is a library for HTML and CSS coding from the OWASP Foundation in the United States. A cross-site scripting vulnerability exists in the 'AntiSamy.scan' function in OWASP AntiSamy 1.5.7 and earlier versions, which stems from the program failing to filter HTML/HTML5 elements. A remot...

The vulnerability of the microprogramming software of the 4G LTE Light Industrial M2M Router (NWL-25) arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the microprogrammed software of the 4G LTE Light Industrial M2M Router NWL-25 is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

Qualys BrowserCheck CoinBlocker Protects Users From Active Cryptojacking Campaigns

Qualys Malware Research Labs recently released the Qualys BrowserCheck CoinBlocker Chrome Extension. We have seen enthusiastic adoption from users across the globe in the first week since its release, which has given us enough telemetry data to indicate success in protecting users from popular...

Apache TomEE console cross-site scripting vulnerability

Apache TomEE is the United States Apache Apache Software Foundation of a Java EE server . Apache TomEE console tomee-webapp is one of the console program . A cross-site scripting vulnerability exists in Apache TomEE console tomee-webapp. A remote attacker can exploit this vulnerability to execute...

CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2019-24411)

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . A...

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2018-13986)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...

Fortinet FortiAnalyzer Cross-Site Scripting Vulnerability (CNVD-2018-13761)

Fortinet FortiManager and FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management solution.FortiAnalyzer is a centralized network security reporting solution. A cross-site scripting vulnerability exists in Fortinet FortiManager version...