863 matches found

Positive Technologies
added 2019/10/25 12:0 a.m. · 2 views

PT-2019-4295 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.885 Description: The issue is related to a lack of input sanitization in the filemanager2.php component, allowing for the execution of arbitrary HTML code or JavaScript scripts. This can be exploited via the cmd...

CVSS 4.6 · AI score 4.8 · EPSS 0.00478
Exploits: 2 · References: 6

NVD
added 2019/10/23 1:15 p.m. · 18 views

CVE-2019-10475

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin...

CVSS 6.1 · AI score 5.9 · EPSS 0.57735
Exploits: 5 · References: 3

OpenVAS
added 2019/10/22 12:0 a.m. · 15 views

CMS Made Simple <= 2.2.11 Cross-Site Scripting (XSS) Vulnerability

CMS Made Simple is prone to a cross-site scripting XSS vulnerability.

CVSS 4.8 · AI score 5 · EPSS 0.00585
Exploits: 1 · References: 1

Packet Storm
added 2019/09/26 12:0 a.m. · 158 views

V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting

V-SOL GPON/EPON OLT Platform v2.03 Reflected XSS Vulnerability Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPON is...

AI score 7.4
Exploits: 0

Prion
added 2019/09/25 11:15 p.m. · 17 views

Cross site scripting

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name...

CVSS 4.3 · AI score 6 · EPSS 0.0481
Exploits: 1 · References: 10 · Affected Software: 4

NVD
added 2019/09/11 2:15 p.m. · 17 views

CVE-2019-14996

The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the searchOwnerUserName parameter...

CVSS 6.1 · AI score 6 · EPSS 0.01274
Exploits: 0 · References: 1

Prion
added 2019/09/11 2:15 p.m. · 15 views

Cross site scripting

Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...

CVSS 3.5 · AI score 4.8 · EPSS 0.00879
Exploits: 0 · References: 1 · Affected Software: 1

CNVD
added 2019/08/23 12:0 a.m. · 3 views

CloudBees Jenkins Warnings Next Generation Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Warnings Next Generation Plugin is one of the plug-ins used to collect compiler...

CVSS 6.1 · AI score 6.1 · EPSS 0.01041
Exploits: 0 · References: 1

OSV
added 2019/08/07 3:15 p.m. · 5 views

CVE-2019-10376

A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin...

CVSS 6.1 · AI score 6.4
Exploits: 0 · References: 2

OSV
added 2019/08/07 3:15 p.m. · 12 views

CVE-2019-10373

A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

CVSS 5.4 · AI score 5.7
Exploits: 0 · References: 2

Cvelist
added 2019/08/07 2:20 p.m. · 29 views

CVE-2019-10376

A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin...

AI score 6 · EPSS 0.00816
Exploits: 0 · References: 2

Packet Storm
added 2019/07/25 12:0 a.m. · 83 views

Yahei-PHP Prober 0.4.7 HTML Injection

Yahei-PHP Prober v0.4.7 speed Remote HTML Injection Vulnerability Vendor: Yahei.Net Product web page: http://www.yahei.net Affected version: 0.4.7 Summary: Detection of system web server operating environment. Desc: Input passed to the GET parameter 'speed' is not properly sanitised before being...

Exploits: 0

NVD
added 2019/07/11 2:15 p.m. · 34 views

CVE-2019-10349

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

CVSS 5.4 · AI score 5.2 · EPSS 0.03885
Exploits: 5 · References: 4

Cvelist
added 2019/07/11 1:55 p.m. · 31 views

CVE-2019-10349

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

AI score 5.1 · EPSS 0.03885
Exploits: 5 · References: 4

NVD
added 2019/06/11 2:29 p.m. · 28 views

CVE-2019-10336

A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin...

CVSS 6.1 · AI score 6 · EPSS 0.01375
Exploits: 0 · References: 3

Cvelist
added 2019/05/22 7:33 p.m. · 23 views

CVE-2018-7827

A Cross-Site Scripting XSS vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session...

AI score 5.3 · EPSS 0.00818
Exploits: 1 · References: 1

Veracode
added 2019/05/16 3:48 a.m. · 28 views

Cross-site Scripting (XSS)

Foreman is vulnerable to cross-site scripting attacks. Remote unauthenticated attacker could exploit the Facts Submission component by injecting arbitrary html and script code into the web site which would alter the appearance and make it possible to initiate further attacks against site visitors...

CVSS 6.1 · AI score 7.6 · EPSS 0.011
Exploits: 0 · References: 95 · Affected Software: 221

Veracode
added 2019/05/16 2:19 a.m. · 18 views

Cross-Site Scripting (XSS)

Foreman is vulnerable to cross-site scripting XSS attacks. A remote attacker could exploit a flaw in the web interface component. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface...

CVSS 6.1 · AI score 6.5 · EPSS 0.03213
Exploits: 0 · References: 106 · Affected Software: 53

Veracode
added 2019/05/16 2:19 a.m. · 18 views

Cross-Site Scripting (XSS)

Foreman is vulnerable to cross-site scripting attacks. This could allow an attacker with privileges to set the name in a template to display arbitrary HTML including scripting code within the web interface...

CVSS 6.1 · AI score 6.9 · EPSS 0.03213
Exploits: 0 · References: 115 · Affected Software: 53

Cvelist
added 2019/04/05 5:26 p.m. · 16 views

CVE-2019-10887

A reflected HTML injection vulnerability on Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name=...

AI score 6.3 · EPSS 0.05817
Exploits: 5 · References: 3