CVE-2020-7574

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject...

WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion

Exploit Title: Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion Google Dork: N/A Date: 2020-04-13 Exploit Author: Daniel Monzón stark0de Vendor Homepage: http://davidlingren.com/ Software Link: https://wordpress.org/plugins/media-library-assistant/ Version: 2.81 Tested on:...

Privilege Escalation

firefox is vulnerable to privilege escalation. The vulnerability exists when the Firebug add-on is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome privilege escalation flaw that could be used to execute arbitrary JavaScript with the privileges of the user running Firef...

Cross-Site Scripting (XSS)

modperl is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via el/functions.jsp, el/implicit-objects.jsp and jspx/textRotate.jspx in examples/jsp2...

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2020-22337)

IBM Rational DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...

CVE-2020-4252

IBM DOORS Next Generation DNG/RRC 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVE-2020-11509

An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37wplimporttemplate admin-post action which will execute in an administrator's browser if the template is used to create a page...

Cross site scripting

An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37wplimporttemplate admin-post action which will execute in an administrator's browser if the template is used to create a page...

Cross site scripting

Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wpajaxcf7dpsavesettings AJAX action and the uitheme parameter. If an administrator creat...

Cross site scripting

Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal subscriber-level permissions to save arbitrary JavaScript in the plugin's settings panel via the idxupdaterecaptchakey AJAX action and a crafted idxrecaptchasitekey parameter, which...

CVE-2020-11516

Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wpajaxcf7dpsavesettings AJAX action and the uitheme parameter. If an administrator creat...

CVE-2020-4303

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2020-3884

An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution...

Cross-Site Scripting (XSS)

squid is vulnerasble to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the username or auth parameter in cachemgr.cgi...

CVE-2020-9055 Versiant Lynx Customer Service Portal version 3.5.2 is vulnerable to stored cross-site scripting, which may allow an attacker to execute arbitrary JavaScript

Versiant LYNX Customer Service Portal CSP, version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or...

Cross-Site Scripting

Overview Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting XSS. The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser...

Apple macOS Catalina Mail component xss vulnerability

Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in the Mail component of Apple macOS Catalina versions prior to 10.15.4. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code...

Apple Mac OS X Security Update (HT211100 - 04)

Apple Mac OS X is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Cross-site Scripting (XSS)

resteasy-jaxrs is vulnerable to cross-site scripting XSS. The vulnerability exists due to the lack of sanitization of the value of strVal, allowing RESTEASY003870 exceptions be used to execute arbitrary Javascript in a user's browser...

CVE-2019-4718

IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123...