Lucene search
3236 matches found

Veracode
added 2019/08/26 9:26 a.m. | 15 views

Cross-site Scripting (XSS)

Bolt is vulnerable to cross-site scripting (XSS). The vulnerability exists due to lack of proper handling of Create file for system log in file manager, allowing a remote attacker to inject arbitrary JavaScript into a victim's browser through the affected parameters...

CVSS 6.1 | AI score 3.7 | EPSS 0.00223
Exploits 0 | References 4 | Affected Software 1

Node.js
added 2019/08/07 7:39 p.m. | 18 views

Cross-Site Scripting

Overview: All versions of http-file-server are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently availabl...

CVSS 3.5 | AI score 4.1 | EPSS 0.0014
Exploits 1 | Affected Software 1

NVD
added 2019/07/30 9:15 p.m. | 10 views

CVE-2019-5458

Cross-site scripting (XSS) vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

CVSS 5.4 | AI score 5.4 | EPSS 0.0014
Exploits 1 | References 1

NVD
added 2019/07/30 9:15 p.m. | 8 views

CVE-2019-5457

Cross-site scripting (XSS) vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

CVSS 5.4 | AI score 5.4 | EPSS 0.0014
Exploits 1 | References 1

Prion
added 2019/07/30 9:15 p.m. | 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

CVSS 3.5 | AI score 5.5 | EPSS 0.0014
Exploits 1 | References 1 | Affected Software 1

Veracode
added 2019/07/23 8:58 a.m. | 12 views

Cross-site Scripting (XSS)

PrimeFaces is vulnerable to cross-site scripting (XSS). The vulnerability exists due to the lack of validation for the parameter inputTextarea.getMaxlength on the server side, allowing an attacker to inject arbitrary JavaScript into a victim's browser through the affected parameter...

AI score 6.1
Exploits 0

Veracode
added 2019/07/22 2:28 a.m. | 11 views

Cross-Site Scripting (XSS)

ovidentia/ovidentia is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser through multiple parameters within the application...

CVSS 5.4 | AI score 5.4 | EPSS 0.00768
Exploits 5 | References 2 | Affected Software 1

NVD
added 2019/07/17 8:15 p.m. | 12 views

CVE-2019-13493

In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript...

CVSS 5.4 | AI score 5.2 | EPSS 0.00188
Exploits 5 | References 1

Cvelist
added 2019/07/17 7:10 p.m. | 14 views

CVE-2019-13493

In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript...

AI score 5.2 | EPSS 0.00188
Exploits 5 | References 1

CNVD
added 2019/07/16 12:0 a.m. | 1 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2019-23521)

IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be exploited by...

AI score 6.2
Exploits 0 | References 1

Veracode
added 2019/07/08 2:48 p.m. | 21 views

Cross-site Scripting (XSS)

nifi-web-utils is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the request attribute value...

CVSS 6.1 | AI score 5.9 | EPSS 0.0159
Exploits 0 | References 2 | Affected Software 1

Veracode
added 2019/07/08 1:43 p.m. | 37 views

Cross-Site Scripting (XSS)

Apache Tomcat is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the time parameter in sp/cal/cal2.jsp in the calendar application in the examples application...

CVSS 4.3 | AI score 4.6 | EPSS 0.37304
Exploits 1 | References 46 | Affected Software 2

Veracode
added 2019/07/08 12:28 p.m. | 15 views

Cross-Site Scripting (XSS)

The mndpsingh287 file manager plugin is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the publicpath parameter in the wpfilemanagerroot page...

CVSS 6.1 | AI score 6 | EPSS 0.00341
Exploits 2 | References 3 | Affected Software 1

Veracode
added 2019/07/08 11:48 a.m. | 13 views

Cross-Site Scripting (XSS)

uima-ducc-web is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via multiple parameters due to the lack of output encoding...

CVSS 6.1 | AI score 6 | EPSS 0.03617
Exploits 0 | References 4 | Affected Software 1

Veracode
added 2019/07/08 11:22 a.m. | 25 views

Cross-Site Scripting (XSS)

geronimo is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the name, ip, username or description parameters in console/portal/Server/Monitoring, and PATHINFO parameter to the default URI under console/portal/...

CVSS 4.3 | AI score 5.7 | EPSS 0.23675
Exploits 2 | References 8 | Affected Software 2

Node.js
added 2019/07/03 2:41 p.m. | 12 views

Cross-Site Scripting

Overview: Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting (XSS). The package insufficiently sanitizes user input when creating links, and concatenates the user input in an <a> tag. This allows attackers to create malicious links with JSON payloads such as: "foo":...

AI score 6.4
Exploits 0 | Affected Software 1

NVD
added 2019/07/01 7:15 p.m. | 17 views

CVE-2019-1578

Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser...

CVSS 6.1 | AI score 6.3 | EPSS 0.0019
Exploits 0 | References 2

exploitpack
added 2019/07/01 12:0 a.m. | 24 views

PowerPanel Business Edition - Cross-Site Scripting

PowerPanel Business Edition - Cross-Site Scripting Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Version: 3.4.0 Tested on: Ubuntu 16.04 CVE...

AI score 6.8
Exploits 0

Packet Storm
added 2019/07/01 12:0 a.m. | 81 views

PowerPanel Business Edition 3.4.0 Cross Site Scripting

Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Software Link: https://dl4jz3rbrsfum.cloudfront.net/software/ppbe340-linux-x8664.sh Version:...

AI score 7.4
Exploits 0

Exploit DB
added 2019/07/01 12:0 a.m. | 87 views

PowerPanel Business Edition - Cross-Site Scripting

Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Version: 3.4.0 Tested on: Ubuntu 16.04 CVE : Pending CyberPower PowerPanel Business Edition...

AI score 7.4
Exploits 0