3236 matches found
Cross-Site Scripting (XSS)
getkirby/kirby is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victims browser via the Title of the "Site options" in the admin panel dashboard dropdown...
Cross-Site Scripting (XSS)
angular-froala is vulnerable to cross-site scripting XSS. The ngModel.$isEmpty function allows a remote attacker to inject arbitrary Javascript into a victim's browser since it bypasses the native froala security cleaning method by executing the content of value with the jQuery function...
Cross-Site Scripting (XSS)
getkirby/kirby is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the title of a new page...
CVE-2019-1568
Cross-site scripting XSS vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML...
CVE-2019-1568
Cross-site scripting XSS vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML...
Cross-Site Scripting (XSS)
Red Hat Satellite 5 is vulnerable to cross-site scripting XSS attacks. A remote attacker is able to pass malicious input via the parameters in admin/BunchDetail.do; and software/packages/NameOverview.do; with the intention of executing arbitrary Javascript code on the victims browser...
Cross-site Scripting (XSS)
jenkins is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
Cross-site Scripting (XSS)
jenkins is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
F5 Networks BIG-IP : NodeJS vulnerability (K37111863)
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...
PT-2019-16885 · Ibm · Ibm Sterling B2B Integrator Standard Edition
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.0.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
PT-2019-16851 · Ibm · Ibm Content Navigator
Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 2.0.3 through 3.0CD Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
Cross-site Scripting (XSS)
jetty-util is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as the directory listing does not encode characters in UTF-8, allowing a remote attacker to inject arbitrary Javascript into a victim's browser through unicode characters...
KingComposer - Authenticated Stored XSS
An user with the Contributor or Author privileges can inject arbitrary Javascript code in a KC section. When an admin or editor opens the malicious KC section the arbitrary JS code runs...
Cross-Site Scripting
Overview All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation No fix is currently...
Apache Airflow vulnerable to Stored XSS
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
Cross site scripting
Cross-site scripting XSS vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View...
CVE-2019-0216
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
CVE-2019-0216
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
Code injection
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
PYSEC-2019-214
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...