1046 matches found
PYSEC-2019-116
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
Deserialization of untrusted data
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
CVE-2019-17206
The CVE-2019-17206 entry describes an uncontrolled deserialization of a pickled object in the Frost Ming rediswrapper (Redis Wrapper) code path, specifically in models.py, that existed prior to version 0.3.0. This vulnerability allows an attacker to execute arbitrary scripts due to unsafe pickle ...
Tyto Software Sahi Pro Remote Code Execution Vulnerability
Tyto Software Sahi Pro is a suite of automated testing tools from Tyto Software India. Tyto Software Sahi Pro suffers from a remote code execution vulnerability that can be exploited by an attacker to execute arbitrary scripts on a remote Sahi Pro server...
XSS Vulnerability in UQCMS Single Merchant System
UQCMS Single Merchant System is an external display and shopping system suitable for running your own products. UQCMS Single Merchant System suffers from an XSS vulnerability, which can be exploited by attackers to inject arbitrary Web script or HTML...
WordPress Yoast SEO Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Yoast SEO Plugin versions prior to 11.6-RC5, which ca...
CVE-2019-5970
Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross-site Scripting (XSS)
Red Hat JBoss Enterprise Application Platform is vulnerable to cross-site scripting (XSS) attacks in the JBoss Management Console, which allows users with roles that can create objects to inject arbitrary scripts to perform attacks...
XSS Vulnerability in JEESNS Article Comments
JEESNS is an open source social management system developed on Java's enterprise-class platform. JEESNS article comments have an XSS vulnerability; an attacker can use the vulnerability to inject arbitrary Web script or HTML...
CVE-2018-18285
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database...
SQL injection
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the...
CVE-2018-18286
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the...
Palo Alto Networks Expedition Migration Tool Cross-Site Scripting Vulnerability (CNVD-2019-13414)
Palo Alto Networks Expedition Migration Tool is a security policy configuration migration tool from Palo Alto Networks, USA. An HTML injection vulnerability exists in Palo Alto Networks Expedition Migration Tool, which stems from the program's inability to properly filter user-supplied input. A...
CVE-2018-19275
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system...
Default credentials
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system...
CVE-2018-19275
Summary (CVE-2018-19275): The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers exposes a default password that could allow remote attackers to gain unauthorized access and execute arbitrary scripts, potentially impacting confidentiality, integrity, and avail...
Cross site scripting
A stored, DOM-based cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...
CVE-2019-3826
A stored, DOM-based cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...