3297 matches found

OSV
added 2019/09/17 7:15 p.m. · 1 view

CVE-2019-4342

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421...

CVSS 5.4 · AI score 5.9 · EPSS 0.00987
Exploits: 0 · References: 3

Positive Technologies
added 2019/09/17 12:00 a.m. · 2 views

PT-2019-17043 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.0 through 11.1. Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...

CVSS 5.4 · AI score 5.9 · EPSS 0.00987
Exploits: 0 · References: 4

Node.js
added 2019/09/16 6:01 p.m. · 13 views

Cross-Site Scripting

Overview: All versions of snekserve are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available...

AI score 6.7
Exploits: 0 · Affected Software: 1

Node.js
added 2019/09/06 6:41 p.m. · 11 views

Cross-Site Scripting

Overview: Versions of vant prior to 2.1.8 are vulnerable to Cross-Site Scripting. The text value of the Picker component column is not sanitized, which may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation: Upgrade to version 2.1.8 or later. References: GitHub...

AI score 7.2
Exploits: 0 · Affected Software: 1

Prion
added 2019/09/05 2:15 p.m. · 14 views

Cross site scripting

Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

CVSS 4.3 · AI score 6 · EPSS 0.07253
Exploits: 5 · References: 4 · Affected Software: 1

Cvelist
added 2019/09/05 1:23 p.m. · 31 views

CVE-2019-10677

Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

AI score 6.1 · EPSS 0.07253
Exploits: 5 · References: 4

Positive Technologies
added 2019/09/05 12:00 a.m. · 3 views

PT-2019-16929 · Ibm · Ibm Business Process Manager +1

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 18.0.0.0 through 18.0.0.2; IBM Business Process Manager versions 8.6.0.0 through 8.6.0.0 Cumulative Fix 2018.03; IBM Business Process Manager versions 8.5.7.0 through 8.5.7.0 Cumulative Fix 2017.06; IBM...

CVSS 5.4 · AI score 5.5 · EPSS 0.00679
Exploits: 0 · References: 3

GitHub Security Blog
added 2019/09/04 10:02 a.m. · 27 views

Cross-Site Scripting in webtorrent

Versions of webtorrent prior to 0.107.6 are vulnerable to Cross-Site Scripting. webtorrent servers started with torrent.createServer list a torrent's title and files in the index page without sanitization. This allows attackers to execute arbitrary JavaScript in the victim's browser through file...

CVSS 6.1 · AI score 4.1 · EPSS 0.01471
Exploits: 0 · References: 8 · Affected Software: 1

exploitpack
added 2019/09/04 12:00 a.m. · 41 views

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting

Multiple Cross-Site Scripting (XSS) issues in the web interface of the DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allow a remote attacker to execute arbitrary JavaScript via manipulation of unsanitized GET parameters. Exploit...

CVSS 4.3 · AI score 6.2 · EPSS 0.07253
Exploits: 5

OSV
added 2019/09/03 8:15 p.m. · 1 view

CVE-2019-5479

An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...

CVSS 7.5 · AI score 7.3 · EPSS 0.01289
Exploits: 1 · References: 1

0day.today
added 2019/09/02 12:00 a.m. · 34 views

Opencart 3.x - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications. Exploit Title: Opencart 3.x.x Authenticated Stored XSS; Exploit Author: Nipun Somani; Author Web: http://thehackerstore.net; Vendor Homepage: https://www.opencart.com/; Software Link: https://github.com/opencart/opencart; Version: 3.x.x; Tested on:...

CVSS 3.5 · AI score 5.2 · EPSS 0.01961
Exploits: 5

exploitpack
added 2019/09/02 12:00 a.m. · 26 views

Opencart 3.x - Cross-Site Scripting

Exploit Title: Opencart 3.x.x Authenticated Stored XSS; Date: 08/15/2019; Exploit Author: Nipun Somani; Author Web: http://thehackerstore.net; Vendor Homepage: https://www.opencart.com/; Software Link: https://github.com/opencart/opencart; Version: 3.x.x; Tested on:...

CVSS 3.5 · EPSS 0.01961
Exploits: 5

Exploit DB
added 2019/09/02 12:00 a.m. · 372 views

Opencart 3.x - Cross-Site Scripting

Exploit Title: Opencart 3.x.x Authenticated Stored XSS; Date: 08/15/2019; Exploit Author: Nipun Somani; Author Web: http://thehackerstore.net; Vendor Homepage: https://www.opencart.com/; Software Link: https://github.com/opencart/opencart; Version: 3.x.x; Tested on: Debian 9, Windows 10 x64; CVE:...

CVSS 4.8 · AI score 5.5 · EPSS 0.01961
Exploits: 5

Packet Storm
added 2019/09/02 12:00 a.m. · 264 views

Opencart 3.x Cross Site Scripting

Exploit Title: Opencart 3.x.x Authenticated Stored XSS; Date: 08/15/2019; Exploit Author: Nipun Somani; Author Web: http://thehackerstore.net; Vendor Homepage: https://www.opencart.com/; Software Link: https://github.com/opencart/opencart; Version: 3.x.x; Tested on: Debian 9, Windows 10 x64; CVE:...

CVSS 3.5 · AI score 5.2 · EPSS 0.01961
Exploits: 5

Veracode
added 2019/08/26 9:26 a.m. · 15 views

Cross-site Scripting (XSS)

Bolt is vulnerable to cross-site scripting (XSS). The vulnerability exists due to lack of proper handling of Create file for system log in file manager, allowing a remote attacker to inject arbitrary JavaScript into a victim's browser through the affected parameters...

CVSS 6.1 · AI score 3.7 · EPSS 0.00865
Exploits: 0 · References: 4 · Affected Software: 1

BDU FSTEC
added 2019/08/16 12:00 a.m. · 5 views

The vulnerability in the implementation of the res protocol in Google Chrome web browsers allows a hacker to execute arbitrary JavaScript code.

The vulnerability in the implementation of the res protocol in Google Chrome browsers exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code through the Internet Explorer web...

CVSS 7.5 · AI score 8.2 · EPSS 0.00915
Exploits: 0 · References: 7 · Affected Software: 4

Node.js
added 2019/08/07 7:39 p.m. · 19 views

Cross-Site Scripting

Overview: All versions of http-file-server are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently availabl...

CVSS 3.5 · AI score 4.1 · EPSS 0.00709
Exploits: 1 · Affected Software: 1

NVD
added 2019/07/30 9:15 p.m. · 26 views

CVE-2019-5458

Cross-site scripting (XSS) vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

CVSS 5.4 · AI score 5.4 · EPSS 0.00709
Exploits: 1 · References: 1

NVD
added 2019/07/30 9:15 p.m. · 27 views

CVE-2019-5457

Cross-site scripting (XSS) vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

CVSS 5.4 · AI score 5.4 · EPSS 0.00709
Exploits: 1 · References: 1

Prion
added 2019/07/30 9:15 p.m. · 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

CVSS 3.5 · AI score 5.5 · EPSS 0.00709
Exploits: 1 · References: 1 · Affected Software: 1