CVE-2020-4082
The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting...
SAP NetWeaver Process Integration CVE-2020-6305 Cross Site Scripting Vulnerability
Description SAP NetWeaver Process Integration is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
oVirt Engine CVE-2019-19336 Cross Site Scripting Vulnerability
Description oVirt Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the...
Cisco Crosswork Change Automation CVE-2019-16024 Cross Site Scripting Vulnerability
Description Cisco Crosswork Change Automation is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Fortinet FortiAuthenticator CVE-2019-16154 Cross Site Scripting Vulnerability
Description Fortinet FortiAuthenticator is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Multiple Jenkins Plugins Multiple Security Vulnerabilities
Description Jenkins plugins are prone to the following vulnerabilities: 1. Multiple information-disclosure vulnerabilities. 2. Multiple cross-site request forgery vulnerabilities. 3. Multiple HTML-injection vulnerabilities. 4. An XML External Entity injection vulnerability. An attacker may...
WordPress Prior to 5.3.1 Multiple Security Vulnerabilities
Description WordPress is prone to multiple security vulnerabilities. An attacker may leverage these issues to bypass certain security restrictions and perform unauthorized actions or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Skype for Business Server CVE-2019-1490 Spoofing Vulnerability
Description Microsoft Skype for Business Server is prone to a spoofing vulnerability. An attacker can exploit this issue to conduct spoofing attacks and execute arbitrary script code in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials an...
IBM Cloud Pak System CVE-2019-4098 Cross Site Scripting Vulnerability
Description IBM Cloud Pak System is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication...
CVE-2019-11290
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well...
CVE-2019-11290 Cloud Foundry UAA logs query parameters in tomcat access file
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well...
Cisco Unified Communications Domain Manager CVE-2019-15968 HTML Injection Vulnerability
Description Cisco Unified Communications Domain Manager is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing...
WebKit Cross Site Scripting and Multiple Memory Corruption Vulnerabilities
Description WebKit is prone to a cross-site scripting vulnerability and multiple memory-corruption vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or execute arbitrary code in the...
APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn
State-sponsored advanced persistent threat (APT) groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials. The National Security Agency (NSA) issued a...
Eclipse Mojarra CVE-2019-17091 Cross Site Scripting Vulnerability
Description Eclipse Mojarra is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may all...
Microsoft Team Foundation Server CVE-2019-1305 Cross Site Scripting Vulnerability
Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Microsoft Office SharePoint CVE-2019-1262 Cross Site Scripting Vulnerability
Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
WordPress API Bearer Auth 20181229 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Api bearer auth 20181229. Api bearer auth is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary scri...
WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting Vulnerability. Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Portrait-Archiv.com Photostore 5.0.4. Portrait-Archiv.com is prone to a reflected...
WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Portrait-Archiv.com Photostore 5.0.4. Portrait-Archiv.com is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execut...