
6727 matches found

Vulnrichment
added 2019/05/28 6:33 p.m. | 10 views

CVE-2018-13375

An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send a DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in...

AI score: 6.8 | EPSS: 0.00647
Exploits: 0 | References: 1

OSV
added 2019/05/22 8:29 p.m. | 2 views

CVE-2018-7827

A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera that allows a remote attacker to execute arbitrary HTML and script code in a user’s browser session...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00818
Exploits: 1 | References: 1

CNVD
added 2019/05/15 12:0 a.m. | 2 views

Microsoft Azure DevOps Server and Team Foundation Server Cross-Site Scripting Vulnerability

Microsoft Team Foundation Server and Microsoft Azure DevOps Server are both products of Microsoft Corporation, U.S.A. Microsoft Team Foundation Server is a suite of Application Lifecycle Management (ALM) tools that provide a platform for team collaboration. Microsoft Team Foundation Server is an...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.01697
Exploits: 0 | References: 1

Symantec
added 2019/05/14 12:0 a.m. | 52 views

Microsoft SharePoint Server CVE-2019-0963 Cross Site Scripting Vulnerability

Description Microsoft SharePoint Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...

AI score: 6.1 | EPSS: 0.01585
Exploits: 0 | References: 1 | Affected Software: 1

BDU FSTEC
added 2019/05/06 12:0 a.m. | 4 views

The vulnerability of the Dr.Web Enterprise Security Suite, an anti-virus protection tool, lies in the lack of restrictions on writing, reading, and creating files within the server folder. This allows attackers to execute arbitrary Lua scripts.

The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection lies in the absence of restrictions on writing, reading, and creating files within the server’s directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary Lua scripts without the need for th...

CVSS: 7.1 | AI score: 5.8
Exploits: 0 | Affected Software: 1

OpenVAS
added 2019/05/04 12:0 a.m. | 27 views

Fedora Update for pacemaker FEDORA-2019-e71f6f36ac

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score: 6.7
Exploits: 0 | References: 2

OSV
added 2019/04/25 7:29 p.m. | 2 views

CVE-2018-18286

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the...

CVSS: 9.8 | AI score: 6 | EPSS: 0.01844
Exploits: 0 | References: 2

Positive Technologies
added 2019/04/22 12:0 a.m. | 5 views

PT-2019-12314

Name of the Vulnerable Software and Affected Versions I, Librarian version 4.10 Description The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the notes parameter in the "notes.php" endpoint. Recommendations For I, Librarian versio...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00865
Exploits: 1 | References: 4

Positive Technologies
added 2019/04/21 12:0 a.m. | 6 views

PT-2019-12307

Name of the Vulnerable Software and Affected Versions I, Librarian version 4.10 Description The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the export files parameter in the "export.php" API endpoint. Recommendations For I,...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00869
Exploits: 1 | References: 4

OSV
added 2019/04/06 8:29 p.m. | 21 views

CVE-2019-10905

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

CVSS: 8.1 | AI score: 7.2
Exploits: 0 | References: 2

OSV
added 2019/04/02 6:29 p.m. | 2 views

CVE-2018-19275

The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system...

CVSS: 9.8 | AI score: 6 | EPSS: 0.04613
Exploits: 0 | References: 2

OpenVAS
added 2019/03/26 12:0 a.m. | 55 views

Apple iTunes Security Updates (HT209604)

Apple iTunes is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:itunes"; ifdescription...

CVSS: 9.6 | AI score: 8 | EPSS: 0.18172
Exploits: 3 | References: 3

ATTACKERKB
added 2019/03/25 12:0 a.m. | 36 views

LibreOffice Macro Code Execution

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script i...

CVSS: 9.8 | AI score: 1.6 | EPSS: 0.67547
Exploits: 10 | References: 9

CNVD
added 2019/03/20 12:0 a.m. | 3 views

Columbia Weather Systems Weather MicroServer Cross-Site Scripting Vulnerability

Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A cross-site scripting vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions, which arises from the program failing to properly validate...

CVSS: 5.4 | AI score: 6.5 | EPSS: 0.00926
Exploits: 0 | References: 1

Github Security Blog
added 2019/03/14 3:40 p.m. | 37 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the...

CVSS: 5.4 | AI score: 2 | EPSS: 0.05046
Exploits: 0 | References: 4 | Affected Software: 2

Hacker One
added 2019/03/09 1:0 p.m. | 18 views

Automattic: DOM based XSS in the WooCommerce plugin

I have found a stored DOM based XSS in the order page at WooCommerce 3.5.6. The Data input from HTML element name shippingstate and billingstate in order page outputs data without escaping. When the victim reads the page containing the payload, it executes the script. Steps to reproduce 1. From a...

AI score: 0.2
Exploits: 0

OSV
added 2019/03/07 6:29 p.m. | 3 views

CVE-2019-3776

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00862
Exploits: 0 | References: 2

CNVD
added 2019/03/06 12:0 a.m. | 2 views

Dradis Cross-Site Scripting Vulnerability

Dradis is a suite of reporting and collaboration tools for information security teams. A cross-site scripting vulnerability exists in Dradis Community Edition version 3.11 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary script in a user's browser...

CVSS: 5.4 | AI score: 6.5 | EPSS: 0.00835
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2019/03/05 5:18 a.m. | 2 views

Dradis Community Edition and Dradis Professional Edition vulnerable to cross-site scripting

Overview Dradis Community Edition and Dradis Professional Edition provided by Security Roots Ltd contain a cross-site scripting vulnerability (CWE-79). Ohji Kashiwazaki of Ierae Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00835
Exploits: 0 | References: 5

Kitploit
added 2019/02/27 8:50 p.m. | 1268 views

HT-WPS Breaker - High Touch WPS Breaker

High Touch WPS Breaker HT-WB is a small tool based on the bash script language, it can help you to extract the WPS pin of many vulnerable routers and get the password, in the last you want to notice that HT-WPS Breaker in its process is using these tools : "Piexiewps" "Reaver" "Bully" "Aircrack...

AI score: 7.4
Exploits: 0 | References: 1