6727 matches found

CVE
added 2020/04/30 10:15 p.m. · 222 views

CVE-2020-11030

CVE-2020-11030 affects WordPress blocks/search handling. A crafted payload can cause scripts to run within the block editor search block when an authenticated user with content-adding rights is present. The vulnerability is mitigated by upgrading to WordPress 5.4.1 or applying the listed minor re...

CVSS 6.4 · AI score 5.8 · EPSS 0.01437
Exploits 0 · References 3 · Affected Software 1

Debian CVE
added 2020/04/30 10:15 p.m. · 27 views

CVE-2020-11030

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...

CVSS 6.4 · AI score 4 · EPSS 0.01437
Exploits 0

RedhatCVE
added 2020/04/30 7:40 p.m. · 34 views

CVE-2019-10169

A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running...

CVSS 6.5 · AI score 3.6 · EPSS 0.01283
Exploits 0 · References 3

RedhatCVE
added 2020/04/30 7:40 p.m. · 40 views

CVE-2019-10170

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...

CVSS 6.5 · AI score 4 · EPSS 0.01153
Exploits 0 · References 3

Positive Technologies
added 2020/04/30 12:0 a.m. · 10 views

PT-2020-3601 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 Description: In affected versions of WordPress, files with...

CVSS 9.8 · AI score 7 · EPSS 0.4375
Exploits 16 · References 74

OSV
added 2020/04/29 2:40 p.m. · 1 views

USN-4348-1 mailman vulnerabilities

It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary scripts or HTML. CVE-2018-0618 It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text o...

CVSS 6.5 · AI score 6.8 · EPSS 0.02541
Exploits 0 · References 4

Japan Vulnerability Notes
added 2020/04/28 6:49 a.m. · 2 views

Sales Force Assistant vulnerable to cross-site scripting

Overview Sales Force Assistant provided by NI Consulting CO.,Ltd. contains a cross-site scripting vulnerability CWE-79. Masanobu Miyagi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...

CVSS 5.4 · AI score 6 · EPSS 0.00849
Exploits 0 · References 5

CNVD
added 2020/04/28 12:0 a.m. · 2 views

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2020-26662)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon 'E-mail'. An attacker can exploit the vulnerability ...

CVSS 6.1 · AI score 6.6 · EPSS 0.00781
Exploits 0 · References 1

Tenable Nessus
added 2020/04/21 12:0 a.m. · 41 views

Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20200407)

libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands libreoffice: Insufficient URL validation allowing LibreLogo script execution libreoffice: LibreLogo global-event script execution libreoffice: Insufficient URL encoding flaw in allowed script location check...

CVSS 9.8 · AI score 7.5 · EPSS 0.78007
Exploits 6 · References 8

OSV
added 2020/04/20 7:15 p.m. · 1 views

CVE-2020-11753

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default making this not...

CVSS 8.8 · AI score 7.3 · EPSS 0.01715
Exploits 0 · References 2

Snyk
added 2020/04/17 12:0 a.m. · 1 views

Malicious Package

Overview fontawesome-sass-c is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

CVSS 8 · AI score 6.9
Exploits 0 · References 2

Snyk
added 2020/04/17 12:0 a.m. · 1 views

Malicious Package

Overview telegrambot-ruby is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

CVSS 8 · AI score 6.9
Exploits 0 · References 2

Snyk
added 2020/04/17 12:0 a.m. · 3 views

Malicious Package

Overview apache-slingapiclient is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

CVSS 8 · AI score 6.7
Exploits 0 · References 2

Snyk
added 2020/04/17 12:0 a.m. · 3 views

Malicious Package

Overview language-mixer is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using language-mix...

CVSS 8 · AI score 6.9
Exploits 0 · References 2

Snyk
added 2020/04/17 12:0 a.m. · 2 views

Malicious Package

Overview doge-helper is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using doge-helper...

CVSS 8 · AI score 5.5
Exploits 0 · References 2

Snyk
added 2020/04/17 12:0 a.m. · 1 views

Malicious Package

Overview apibancaclient is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using apibancaclie...

CVSS 8 · AI score 6.9
Exploits 0 · References 2

CNVD
added 2020/04/16 12:0 a.m. · 2 views

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-24061)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

CVSS 5.4 · AI score 6 · EPSS 0.01515
Exploits 0 · References 1

CNVD
added 2020/04/16 12:0 a.m. · 2 views

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-24057)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

CVSS 5.4 · AI score 6 · EPSS 0.01515
Exploits 0 · References 1

CNVD
added 2020/04/16 12:0 a.m. · 3 views

Microsoft SharePoint Spoofing Vulnerability (CNVD-2020-23443)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...

CVSS 5.4 · AI score 5.9 · EPSS 0.01626
Exploits 0 · References 1

CNVD
added 2020/04/16 12:0 a.m. · 2 views

Microsoft SharePoint and Project Cross-Site Scripting Vulnerability

Microsoft SharePoint and Microsoft Project are both products of Microsoft Corporation. Microsoft SharePoint is a set of enterprise business collaboration platforms that are used to integrate business information and enable sharing of work and collaboration with others, organizing projects and...

CVSS 5.4 · AI score 5.9 · EPSS 0.01515
Exploits 0 · References 1