1046 matches found
DEBIAN-CVE-2019-3826
A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...
CVE-2019-3826
A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...
CVE-2019-3826
A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...
CVE-2017-15515
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field...
SchoolCMS Cross-Site Scripting Vulnerability
SchoolCMS is an open source school teaching management system based on ThinkPHP framework. The system includes student management , grade management and teacher management . SchoolCMS has a cross-site scripting vulnerability. Attackers can use this vulnerability to inject arbitrary Web script or...
Juniper ATP Cross-Site Scripting Vulnerability (CNVD-2019-24385)
Juniper Advanced Threat Prevention ATP is a suite of advanced threat protection platforms from Juniper Networks. The product supports malware detection, file analysis, and malicious IP address and URL blocking. A cross-site scripting vulnerability exists in the Zone configuration in Juniper ATP...
Juniper ATP Cross-Site Scripting Vulnerability (CNVD-2019-24381)
Juniper Advanced Threat Prevention ATP is a suite of advanced threat protection platforms from Juniper Networks. The product supports malware detection, file analysis, and malicious IP address and URL blocking. A cross-site scripting vulnerability exists in the Golden VM menu in Juniper ATP...
Malicious Package
rrgod is a malicious package designed run arbitrary scripts when installed. All versions of this package is considered malicious and must not be used. The package downloads a malicious file and executes the contents after installation...
Malicious Package
Overview All versions of rrgod are considered malicious. The package is malware designed to run arbitrary scripts. When installed, the package downloads an arbitrary file and executes its contents as a pre, post and install scripts. Recommendation This package is not available on the npm Registry...
CVE-2018-0666
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...
Design/Logic Flaw
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...
WESEEK GROWI cross-site scripting vulnerability (CNVD-2018-26771)
WESEEK GROWI is a suite of team collaboration software from WESEEK Japan. A cross-site scripting vulnerability exists in WESEEK GROWI version 3.2.3 and earlier versions, which can be exploited by a remote attacker to execute arbitrary script in a user's web browser...
CVE-2018-6081
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page...
WordPress plugin LearnPress cross-site scripting vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin LearnPress, which can be exploited by an attacker to...
CVE-2018-16226
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 v8839a1 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack, due to insufficient validation for the start.asp page. A successful exploit could allow th...
Ekushey Project Manager CRM Cross-Site Scripting Vulnerability
Ekushey Project Manager CRM is a project management application. The program features project management, client management and team management. A cross-site scripting vulnerability exists in Ekushey Project Manager CRM version 3.1. A remote attacker can exploit this vulnerability to inject...
WordPress Plugin Jibu Pro Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Jibu Pro, which can be exploited by an attacker to execut...
Script injection vulnerability in multiple Yamaha Corporation products (CNVD-2018-16849)
Yamaha Broadband VoIP Router RT57i and others are Yamaha Corporation router products. A script injection vulnerability exists in multiple Yamaha Corporation products, where an administrator with malicious intent could embed arbitrary scripts into an administrative screen in a scenario where...
Design/Logic Flaw
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
CVE-2017-15429
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...