Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2019-40533)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

CVE-2019-15269

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. These vulnerabilities are due to insufficient...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected...

CVE-2019-15281 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The attacker must have...

CloudCTI HIP Integrator Recognition Configuration Tool Elevation of Privilege Vulnerability

CloudCTI HIP Integrator Recognition Configuration Tool is an integrator recognition configuration tool from CloudCTI, Netherlands. A security vulnerability exists in the CloudCTI HIP Integrator Recognition Configuration Tool that originates from an elevated privilege process that can execute...

Cisco Identity Services Engine CVE-2019-12638 HTML Injection Vulnerability

Description Cisco Identity Services Engine is prone to an HTML-injection vulnerability because it fails to properly validate user-supplied input. Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application,...

Intelbras Router WRN150 Cross-Site Scripting Vulnerability

The Intelbras Router WRN150 is a wireless router from Intelbras Brazil. A cross-site scripting vulnerability exists in the Intelbras Router WRN150. An attacker can exploit the vulnerability to execute arbitrary script code in the context of the affected site. This allows an attacker to steal...

Adobe Experience Manager APSB19-48 Multiple Security Vulnerabilities

Description Adobe Experience Manager is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to gain access to sensitive...

keycloak: script execution via realm management policy trigger

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

bootstrap: XSS in the tooltip data-viewport attribute

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...

Microsoft Dynamics 365 Cross-Site Scripting Vulnerability (CNVD-2019-35573)

Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A cross-site scripting vulnerability in Microsoft Dynamics 365 on-premises version...

SAP BusinessObjects Business Intelligence Reflective Cross-Site Scripting Vulnerability (CNVD-2019-34409)

SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A reflected cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2 and 4.3. The vulnerability stems from the product...

Subrion cross-site scripting vulnerability (CNVD-2019-44570)

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. A cross-site scripting vulnerability exists in Subrion version 4.2.1, which can be exploited by an attacker to execute...

CVE-2019-17206

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...

CVE-2019-17206

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...

File Containment Vulnerability in Website Building System of Beijing Zhengmeng Network Technology Co.

Beijing positive amount of network technology limited company positive amount of network, is based on cloud computing enterprise electronic bidding and procurement and supply chain cooperative management overall solution provider. Beijing positive amount of network technology limited company...

LibreOffice < 6.2.7 / 6.3.x < 6.3.1 Multiple Vulnerabilities (Windows)

The version of LibreOffice installed on the remote Windows host is prior to 6.2.7 or 6.3.x prior to 6.3.1. It is, therefore, affected by the following vulnerabilities: - A directory traversal vulnerability resulting from a feature in LibreOffice which allows documents to specify pre-installed...

CVE-2019-12707

A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient...

Cisco IOS and IOS XE Cross-Site Scripting Vulnerability

Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. A cross-site scripting vulnerability exists in the web framework code in Cisco IOS and Cisco IOS XE, which stems from a program that fails to perform sufficient input validation. A remote attacker coul...