Samsung Email EML File Parsing Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of EML...

Cross-site Scripting (XSS)

groovy-postbuild is vulnerable to cross-site scripting XSS attacks. The library does not escape user input for badge content, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-Site Scripting (XSS)

bootstrap is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the parent option in collapse.js, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-site Scripting (XSS)

bootstrap is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the data-container variable in tooltip.js, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through HTML links on the dashboard...

Cross-site Scripting (XSS)

textAngular is vulnerable to cross-site scripting XSS attacks. The application does not properly sanitize the Text Editor, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-Site Scripting in @risingstack/protect

All versions of @risingstack/protect are vulnerable to Cross-Site Scripting. The isXss XSS validator has several bypasses that may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation No fix is currently available. Consider using an alternative package. The packag...

CVE-2018-7932

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the sma...

Security Advisory - Two Vulnerabilities in APPGallery of Huawei Smart Phones

There is a whitelist mechanism bypass vulnerability and an arbitrary Javascript running vulnerability in Huawei AppGallery. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious...

Tenable Appliance vulnerable to cross-site scripting

Overview Tenable Appliance provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Wordpress Activity Log 2.4.0 Plugin - Stored Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Exploit Author : Stefan Broeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version: 2.4.0 CVE : CVE-2018-8729...

SA162: Multiple ASG and ProxySG Vulnerabilities

SUMMARY The Symantec ASG and ProxySG management consoles are susceptible to several vulnerabilities. A remote attacker, with access to the management console, can cause denial of service through management console application crashes. A malicious appliance administrator can also inject arbitrary...

Cross site scripting

Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

enhavo cross-site scripting vulnerability

enhavo is a set of open source CMS written in PHP based on the Symfony framework content management system. A cross-site scripting vulnerability exists in enhavo version 0.4.0. A remote attacker can exploit this vulnerability to inject and execute arbitrary types of JavaScript code...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...

pym.js CSRF Vulnerability

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...

GHSA-82GW-PQF7-Q3J2 pym.js CSRF Vulnerability

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...

CVE-2018-1000086

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...

Cross site request forgery (csrf)

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...

Cross-Site Scripting Vulnerability in IBM WebSphere Portal

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability...