WP Last Modified Info < 1.6.6 - Authenticated Stored XSS

When saving a new campaign, a user with administrator capabilities can store scripts in the plugin's options. The code can then be executed on every page or post on the website. PoC An administrator can store scripts in the "Custom Message to Display on Posts" text input field. Reason for this wa...

Insufficient URL Validation

LibreOffice is vulnerable to insufficient URL validation, allowing LibreLogo script execution...

RHEL 7 : libreoffice (RHSA-2020:1151)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1151 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

DEBIAN-CVE-2020-6806

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.6, Firefox 74, Firefox ESR68.6...

WL-Enq (WEB Enquete) vulnerable to cross-site scripting

Overview WL-Enq WEB Enquete provided by WonderLink is a CGI to provide web enquete functions. WL-Enq WEB Enquete contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judg...

Mozilla: BodyStream:: OnInputStreamReady was missing protections against state confusion

The Mozilla Foundation Security Advisory describes this flaw as: By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash...

Mozilla: BodyStream:: OnInputStreamReady was missing protections against state confusion

The Mozilla Foundation Security Advisory describes this flaw as: By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash...

Mozilla: BodyStream:: OnInputStreamReady was missing protections against state confusion

The Mozilla Foundation Security Advisory describes this flaw as: By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash...

CKEditor WSC Plugin Cross-Site Scripting Vulnerability

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in WSC 5.5.7.5 and earlier versions of CKEditor 4, which stems from the plugin incorrectly validating user-supplied input. The vulnerability can be exploited to run arbitrary web scripts with the help o...

CVE-2020-6806

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.6, Firefox 74, Firefox ESR68.6...

UBUNTU-CVE-2020-6806

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.6, Firefox 74, Firefox ESR68.6...

CVE-2020-4082

The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting...

CVE-2020-4082

The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting...

DEBIAN-CVE-2020-10174

inittmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this...

CVE-2019-19607

A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the databas...

CVE-2019-19608

A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from th...

CVE-2020-3156

A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could...

Microsoft Office SharePoint XSS Vulnerability

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-05074)

WSO2 API Manager is an open source api management platform , provides a series of api creation , release , lifecycle management , version control , monetization, governance and security features , used to support organizations to achieve soa. A cross-site scripting vulnerability exists in WSO2 AP...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...