
3236 matches found

OSV
added 2019/10/01 3:15 p.m. · 2 views

CVE-2019-4494

IBM Jazz Reporting Service JRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

5.4 CVSS · 5.7 AI score
Exploits: 0 · References: 2

Veracode
added 2019/10/01 2:34 a.m. · 28 views

Cross-Site Scripting (XSS)

no-vnc is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via messages propagated to the status field such as the VNC server name...

6.1 CVSS · 3.4 AI score · 0.06495 EPSS
Exploits: 1 · References: 12 · Affected Software: 10

Positive Technologies
added 2019/10/01 12:0 a.m. · 2 views

PT-2019-17108 · Ibm · Ibm Jazz Reporting Service

Name of the Vulnerable Software and Affected Versions: IBM Jazz Reporting Service JRS versions 6.0 through 6.0.6.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

5.4 CVSS · 5.5 AI score · 0.00174 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2019/10/01 12:0 a.m. · 2 views

PT-2019-17107 · Ibm · Ibm Jazz Reporting Service

Name of the Vulnerable Software and Affected Versions: IBM Jazz Reporting Service JRS versions 6.0 through 6.0.6.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

5.4 CVSS · 5.5 AI score · 0.00174 EPSS
Exploits: 0 · References: 4

OSV
added 2019/09/23 6:32 p.m. · 16 views

GHSA-6M4R-CGM3-6Q7Q Cross-Site Scripting in status-board

All versions of status-board are vulnerable to Cross-Site Scripting. The renderJsDashboard function concatenates the safeDashboard variable to the HTTP response message with insufficient sanitization. If this variable is controlled by user input it may allow attackers to execute arbitrary...

6.1 CVSS · 6.4 AI score · 0.0024 EPSS
Exploits: 0 · References: 5

Github Security Blog
added 2019/09/23 6:32 p.m. · 20 views

Status Board vulnerable to Cross-Site Scripting before v1.1.82

Versions of status-board prior to 1.1.82 are vulnerable to Cross-Site Scripting. The renderDashboard function concatenates the safeDashboard variable to the printed error message with insufficient sanitization. If this variable is controlled by user input it allows attackers to execute arbitrary...

6.1 CVSS · 5.4 AI score · 0.0024 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2019/09/17 7:15 p.m. · 1 views

CVE-2019-4342

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421...

5.4 CVSS · 5.9 AI score · 0.00229 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2019/09/17 12:0 a.m. · 2 views

PT-2019-17043 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.0 through 11.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...

5.4 CVSS · 5.9 AI score · 0.00229 EPSS
Exploits: 0 · References: 4

Node.js
added 2019/09/16 6:1 p.m. · 12 views

Cross-Site Scripting

Overview: All versions of snekserve are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available...

6.7 AI score
Exploits: 0 · Affected Software: 1

Node.js
added 2019/09/06 6:41 p.m. · 10 views

Cross-Site Scripting

Overview: Versions of vant prior to 2.1.8 are vulnerable to Cross-Site Scripting. The text value of the Picker component column is not sanitized, which may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation: Upgrade to version 2.1.8 or later. References: GitHub...

7.2 AI score
Exploits: 0 · Affected Software: 1

Prion
added 2019/09/05 2:15 p.m. · 12 views

Cross site scripting

Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

4.3 CVSS · 6 AI score · 0.05501 EPSS
Exploits: 5 · References: 4 · Affected Software: 1

Cvelist
added 2019/09/05 1:23 p.m. · 15 views

CVE-2019-10677

Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

6.1 AI score · 0.05501 EPSS
Exploits: 5 · References: 4

Positive Technologies
added 2019/09/05 12:0 a.m. · 2 views

PT-2019-16929 · Ibm · Ibm Business Process Manager +1

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 18.0.0.0 through 18.0.0.2 IBM Business Process Manager versions 8.6.0.0 through 8.6.0.0 Cumulative Fix 2018.03 IBM Business Process Manager versions 8.5.7.0 through 8.5.7.0 Cumulative Fix 2017.06 IBM...

5.4 CVSS · 5.5 AI score · 0.00232 EPSS
Exploits: 0 · References: 3

Github Security Blog
added 2019/09/04 10:2 a.m. · 26 views

Cross-Site Scripting in webtorrent

Versions of webtorrent prior to 0.107.6 are vulnerable to Cross-Site Scripting. webtorrent servers started with torrent.createServer lists a torrent's title and files in the index page without sanitization. This allows attackers to execute arbitrary JavaScript in the victim's browser through file...

6.1 CVSS · 4.1 AI score · 0.00208 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

exploitpack
added 2019/09/04 12:0 a.m. · 40 views

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting

Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of unsanitized GET parameters. Exploit...

4.3 CVSS · 6.2 AI score · 0.05501 EPSS
Exploits: 5

OSV
added 2019/09/03 8:15 p.m. · 1 views

CVE-2019-5479

An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file)...

7.5 CVSS · 7.3 AI score
Exploits: 0 · References: 1

0day.today
added 2019/09/02 12:0 a.m. · 31 views

Opencart 3.x - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Opencart 3.x.x Authenticated Stored XSS Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on:...

3.5 CVSS · 5.2 AI score · 0.00172 EPSS
Exploits: 5

exploitpack
added 2019/09/02 12:0 a.m. · 24 views

Opencart 3.x - Cross-Site Scripting

Opencart 3.x - Cross-Site Scripting Exploit Title: Opencart 3.x.x Authenticated Stored XSS Date: 08/15/2019 Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on:...

3.5 CVSS · 0.00172 EPSS
Exploits: 5

Exploit DB
added 2019/09/02 12:0 a.m. · 369 views

Opencart 3.x - Cross-Site Scripting

Exploit Title: Opencart 3.x.x Authenticated Stored XSS Date: 08/15/2019 Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on: Debian 9, Windows 10 x64 CVE :...

4.8 CVSS · 5.5 AI score · 0.00172 EPSS
Exploits: 5

Packet Storm
added 2019/09/02 12:0 a.m. · 260 views

Opencart 3.x Cross Site Scripting

Exploit Title: Opencart 3.x.x Authenticated Stored XSS Date: 08/15/2019 Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on: Debian 9, Windows 10 x64 CVE :...

3.5 CVSS · 5.2 AI score · 0.00172 EPSS
Exploits: 5