3298 matches found
nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution
A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to...
IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2020-68256)
IBM Jazz Reporting Service JRS is a suite of ready-to-use reporting components from IBM in the United States. The product includes features such as report generation, data collection and lifecycle queries. IBM Jazz Reporting Service has a security vulnerability that makes it susceptible to stored...
Bugventure Jsen Security Breach
Bugventure Jsen is a Js package for verifying Json objects from the Bugventure personal developer. A security vulnerability exists in jsen that can be exploited by an attacker to take control of a schema file, which can then be used to run arbitrary JavaScript code on the victim machine...
Cross-Site Scripting (XSS)
firefox is vulnerable to cross-site scripting XSS. An attacker can remove HTML elements during sanitization would keep existing SVG event handlers and subsequently execute arbitrary Javascript on a user's browser...
Cross site scripting
Stored Cross-site scripting XSS vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'...
Cross-Site Scripting (XSS)
prestashop/productcomments is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via various parameters within the application. The vulnerability exists as the content-type of the server response is not set to...
Cross-Site Scripting (XSS)
handsontable is vulnerable to Cross-Site Scripting XSS. The package fails to sanitize HTML before displaying on a user's browser, allowing an attacker to insert and execute arbitrary Javascript via the built-in functionalities...
Cross-Site Scripting (XSS)
jinja2 is vulnerable to Cross Site Scripting. An attacker is able to inject and execute arbitrary Javascript through the gettext and ngettext function due to the lack of output sanitization...
Cross-Site Scripting (XSS)
ckeditor4 is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the Color History feature...
Cacti < 1.2.14 XSS Vulnerability - Linux
Cacti is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
U.S. Dept Of Defense: Reflected Xss in [██████]
Description: Reflected XSS in █████████ due to unsanitized single quote '. Impact An attacker could execute arbitrary javascript, and perform malicious actions ! Step-by-step Reproduction Instructions 1. Used payload: simo%27onfocus=%27confirmdocument.domain%27name=%27simo%27simo 2. Visit the url...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed two vulnerabilities in Adobe Connect. A malicious party can use these vulnerabilities to launch a cross-site scripting XSS attack, thus setting up arbitrary javascript code with the victim's privileges. Adobe has released updates to fix the vulnerabilities in Connect 11.0.5. For...
CVE-2020-24432
Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier and Adobe Acrobat Pro DC 2017.011.30175 and earlier are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the...
Adobe Acrobat and Reader Input Validation Improperity Vulnerability
Adobe Acrobat is a PDF editing software developed by Adobe.Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have an improper input validation vulnerability. An attacker can exploit this vulnerability to achieve arbitrary JavaScript...
Cross site scripting
A cross-site scripting XSS vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’...
BaserCMS Cross-Site Scripting Vulnerability (CNVD-2020-60477)
BaserCMS is an open source enterprise-level content management system cms. A cross-site scripting vulnerability exists in versions of baserCMS prior to 4.4.1. An attacker can exploit this vulnerability by entering a specially crafted nickname in a blog comment to execute arbitrary JavaScript...
CVE-2020-15914
A cross-site scripting XSS vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, jobjacketdetail.jsp, ixedit/editorcomponent.jsp, or the login form...
PT-2020-20812 · Apple · Safari
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 13.0.5 Description: A custom URL scheme handling issue was addressed with improved input validation. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. Recommendations: For versions...
Cross-Site Scripting (XSS)
strapi-plugin-content-manager is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the WYSIWYG editor's preview feature...