81 matches found
Design/Logic Flaw
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0...
CVE-2020-26225
CVE-2020-26225 affects PrestaShop Product Comments. The vulnerability is a reflected cross-site scripting (XSS) flaw in the module’s handling of links, allowing an attacker to inject and execute malicious code in a user’s browser through a malicious link. Impact is described as enabling code exec...
D-Link Administrative Password Disclosure Vulnerability
D-Link models DIR-652, DIR-615, DIR-827, DIR-615, DIR-657, and DIR-825 suffer from an administrative password disclosure vulnerability. The problem is in the following models: DIR-652, DIR-615, DIR-827, DIR-615, DIR-657, DIR-825. If login to web...
The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite allows a hacker to execute HTML code.
The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite antivirus tool exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code into the user’s...
The vulnerability in the FortiOS operating system’s web interface arises from the lack of protective measures for the web page structure, allowing attackers to inject arbitrary JavaScript or HTML code.
The vulnerability in the FortiOS operating system’s web interface arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code using a specially crafted value for the “redir” parameter...
Atlassian Universal Plugin Manager Cross-Site Scripting Vulnerability
Atlassian Universal Plugin Manager is a set of tools from Atlassian Australia for managing add-ons in Atlassian applications. A cross-site scripting vulnerability exists in the NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager versions prior to 2.22.9. A remote...
ManageEngine Recovery Manager Plus 5.3 Cross Site Scripting
Exploit Title: ManageEngine Recovery Manager Plus 5.3 Build 5330 - Persistent Cross-Site Scripting; Dated: 2018-03-31; Exploit Author: Ahmet GAREL; Software Link: https://www.manageengine.com/ad-recovery-manager/; Version: = 5.3 Build 5330; Platform: Java; Tested on: Windows; CVE: CVE-2018-9163; 1. DETAI...
FortiCloud XSS vulnerability in on-demand sandbox GUI
Before Dec 5th, 2017, a Cross-Site Scripting (XSS) vulnerability in the forticloud.com on-demand sandbox GUI may have allowed an authenticated user to inject arbitrary web code or HTML in the context of the victim's browser via the upload of a maliciously crafted file...
The Rise of Super-Stealthy Digitally Signed Malware—Thanks to the Dark Web
Guess what's more expensive than counterfeit United States passports, stolen credit cards and even guns on the dark web? It's digital code signing certificates. A recent study conducted by the Cyber Security Research Institute (CSRI) this week revealed that stolen digital code-signing certificates...
tianchoy/blog Arbitrary File Upload Vulnerability
tianchoy/blog is a single-user blog creation program developed by Chinese software developer Tian Chao. A security vulnerability exists in the upload.php file in tianchoy/blog 2017-09-12 and earlier versions. A remote attacker can exploit this vulnerability to upload arbitrary files and execute P...
The vulnerability of Microsoft Exchange Server servers allows a hacker to inject arbitrary Web or HTML code.
The vulnerability of Microsoft Exchange Server exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code via email or chat clients...
The vulnerability of the McAfee VirusScan Enterprise anti-virus software allows an intruder to inject arbitrary Web or HTML code.
The vulnerability of the McAfee VirusScan Enterprise antivirus software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code remotely...
The vulnerability of Ubuntu operating systems and Debian GNU/Linux allows a perpetrator to inject any web or HTML code they desire.
The vulnerability of the GUI editor MoinMoin in Ubuntu and Debian GNU/Linux operating systems exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code remotely...
The vulnerability of the software system for managing enterprise assets in IBM Maximo Asset Management allows a hacker to inject arbitrary Web or HTML code.
The vulnerability of the software system for managing enterprise assets in IBM Maximo Asset Management exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially crafted U...
The vulnerability of the antivirus software Internet Security allows a hacker to inject arbitrary Web or HTML code.
The vulnerability of the antivirus software Internet Security exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code remotely...
The vulnerability of the Cisco Unified Computing System Central’s centralized device management system allows an intruder to inject arbitrary Web or HTML code.
The vulnerability of the control interface of the Cisco Unified Computing System Central device exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code by entering special parameters...
The vulnerability of the ColdFusion interpreter allows attackers to inject arbitrary Web or HTML code.
The vulnerability of the ColdFusion interpreter exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject any desired Web or HTML code remotely...
The vulnerability of the McAfee Email Gateway software allows a hacker to inject arbitrary Web or HTML code.
The vulnerability of the McAfee Email Gateway security software exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code through a specially crafted email message...
The vulnerability of WebSphere Application Server application servers allows attackers to inject arbitrary Web or HTML code.
The vulnerability of the OpenID Connect client-side web application server provided by WebSphere Application Server exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using ...
The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to inject any Web or HTML code.
The vulnerability of the application interface of the IBM WebSphere Portal servers exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially crafted URL...