K75532331: iRulesLX debug NodeJS vulnerability CVE-2019-6644

Security Advisory Description Similar to the issue identified in CVE-2018-12120, the BIG-IP system will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible. CVE-2019-6644 Impac...

K37111863: NodeJS vulnerability CVE-2018-12120

Security Advisory Description Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the...

CVE-2023-22984

A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL...

CVE-2023-22984

A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL...

Cross site scripting

UNSUPPORTED WHEN ASSIGNED A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL...

iziModal 跨站脚本漏洞

iziModal is an elegant, responsive, flexible and lightweight jQuery modal plugin. A security vulnerability exists in iziModal versions prior to 1.6.1, which stems from a cross-site scripting XSS attack when handling untrusted modal headers, and can be exploited to execute arbitrary HTML or...

PT-2023-18810 · Axis · Axis 207W

Name of the Vulnerable Software and Affected Versions: Axis 207W network camera affected versions not specified Description: A reflected XSS issue in the web administration portal of the Axis 207W network camera allows an attacker to execute arbitrary JavaScript via URL. This enables the attacker...

SUSE CVE-2008-5512

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute...

SUSE CVE-2012-3965

Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window...

SUSE CVE-2012-4193

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same...

SUSE CVE-2012-4195

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easie...

SUSE CVE-2020-8020

A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb...

SUSE CVE-2022-22589

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript...

CVE-2022-4286

A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...

Cross site scripting

A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...

B&R Industrial Automation GmbH Runtime 跨站脚本漏洞

B&R Industrial Automation GmbH Runtime is a major component of AS from B&R Industrial Automation GmbH, Austria. A cross-site scripting vulnerability exists in B&R Industrial Automation GmbH Runtime version 3.00 and C4.93, which stems from the presence of a Reflective Cross-Site Scripting XSS...

CVE-2023-22735 User uploads proxied from S3 lack `Content-Security-Policy` headers, may be served with `Content-Disposition: inline` in zulip

Zulip is an open-source team collaboration tool. In versions of zulip prior to commit 2f6c5a8 but after commit 04cf68b users could upload files with arbitrary Content-Type which would be served from the Zulip hostname with Content-Disposition: inline and no Content-Security-Policy header, allowin...

Cross site scripting

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

CVE-2022-41312

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

CVE-2022-41313

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...