6727 matches found
Hardcoded credentials
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page...
UBUNTU-CVE-2018-6110
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page...
CVE-2018-6110
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page...
CVE-2018-6110
CVE-2018-6110 affects Google Chrome/Chromium where the Downloads component wrongly parses documents as HTML during processing, allowing a remote attacker to cause script execution via a local non-HTML page. Public sources in the connected set confirm affected product families (Chromium/Chrome) an...
CVE-2018-6110
Removed by vendor...
SAP CRM WebClient UI Cross-Site Scripting Vulnerability
SAP CRM Customer Relationship Management is a set of German SAP SAP customer relationship management solutions. The program includes sales management, marketing management, customer service system and other modules. SAP CRM WebClient UI is one of the Web client interface. A cross-site scripting...
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Date: 01/09/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version: BDHDV6MF65V1.0.0B05 Tested on: Windows 10 x64 CVE:...
WESEEK GROWI Cross-Site Scripting Vulnerability (CNVD-2019-04901)
WESEEK GROWI is a suite of team collaboration software from WESEEK Japan. A cross-site scripting vulnerability exists in WESEEK GROWI 3.2.3 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary script in a user's web browser...
Vulnerabilities in the ABC website building system of Beijing EWY Data Technology Co.
Beijing Yiwei Cloud Data Technology Co., Ltd. is an innovative enterprise focusing on providing Internet basic data services and data operation for small and medium-sized enterprises. Beijing Yiwei Cloud Data Technology Co., Ltd. station building ABC station building system there is an override...
CVE-2018-1000856
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting XSS vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear t...
CVE-2018-1000874
PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a...
JVN#32155106: Multiple vulnerabilities in i-FILTER
i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-16180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 HTTP...
Microsoft Azure App Services on Azure Stack Cross-Site Scripting Vulnerability
Microsoft Azure App Services on Azure Stack is a suite of Platform-as-a-Service PaaS solutions from Microsoft Corporation USA. The product supports the creation of Web, API, and Azure applications for multiple platforms and devices. A cross-site scripting vulnerability exists in Microsoft Azure A...
WordPress Plugin WP Master Slider Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin WP Master Slider version v3.5.1, which can be exploited by an...
WordPress Plugin Event Calendar WD Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Event Calendar WD, which could allow an attacker to execu...
Unauthorized Access Vulnerability in 360 Security Guard's Blocking of Added Users
360 Security Guard is a security antivirus program. An unauthorized access vulnerability exists when 360 Security Guard blocks adding users. An attacker can exploit the vulnerability to execute scripts to bypass 360 Security Guard blocking and add users...
Security update for libgit2 (moderate)
This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes bsc1085256. - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an...
SUSE-SU-2018:3440-1 Security update for libgit2
This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes bsc1085256. - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an...
Mitel ST 14.2 Cross-Site Scripting Vulnerability
Mitel ST is a video conferencing product from Mitel Canada. conferencing is one of the teleconferencing components. A cross-site scripting vulnerability exists in the conferencing component of Mitel ST 14.2 GA29 19.49.9400.0 and prior versions, which stems from the program failing to adequately...
Mitel MiVoice Office 400 web admin component cross-site scripting vulnerability
Mitel MiVoice Office 400 is a small and medium-sized business communications solution from Mitel Canada. The product includes features such as video conferencing, voice calls, etc. web admin is one of the web-based management components. A cross-site scripting vulnerability exists in the web admi...