Cross-site Scripting (XSS)

jenkins is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

Cross-site Scripting (XSS)

jenkins is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

F5 Networks BIG-IP : NodeJS vulnerability (K37111863)

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...

PT-2019-16885 · Ibm · Ibm Sterling B2B Integrator Standard Edition

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.0.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...

PT-2019-16851 · Ibm · Ibm Content Navigator

Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 2.0.3 through 3.0CD Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...

Cross-site Scripting (XSS)

jetty-util is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as the directory listing does not encode characters in UTF-8, allowing a remote attacker to inject arbitrary Javascript into a victim's browser through unicode characters...

KingComposer - Authenticated Stored XSS

An user with the Contributor or Author privileges can inject arbitrary Javascript code in a KC section. When an admin or editor opens the malicious KC section the arbitrary JS code runs...

Cross-Site Scripting

Overview All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation No fix is currently...

Apache Airflow vulnerable to Stored XSS

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

Cross site scripting

Cross-site scripting XSS vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View...

CVE-2019-0216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

CVE-2019-0216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

Code injection

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

PYSEC-2019-214

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

PYSEC-2019-214

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

CVE-2019-0216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

Design/Logic Flaw

The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings...

Cross-Site Scripting

Overview All versions of harp are vulnerable to Cross-Site Scripting. In the admin page it is possible to inject arbitrary JavaScript as a new product option, allowing attackers to execute arbitrary code. This is limited to the admin page and does not affect other pages. Recommendation No fix is...

Cross-Site Scripting (XSS)

simple-markdown is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via Data or Vbscript URIs, e.g data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGknKTwvc2NyaXB0Pg==...

CVE-2019-10634

An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields...