1492 matches found

Github Security Blog
added 2020/09/01 7:54 p.m., 27 views

Malicious Package in dynamo-schema

Version 0.0.3 of dynamo-schema contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.3 of this module is found installed you wi...

2.9 AI score
Exploits: 0, References: 4, Affected Software: 1

Github Security Blog
added 2020/09/01 7:50 p.m., 20 views

Malicious Package in coffee-project

Version 1.7.5 of coffee-project contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 1.7.5 of this module is found installed you...

6.9 AI score
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2020/09/01 7:41 p.m., 12 views

GHSA-C82C-8PJW-6829 Malicious Package in @impala/bmap

Version 1.0.3 of @impala/bmap contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 1.0.3 of this module is found installed you wil...

9.8 CVSS, 7.1 AI score
Exploits: 0, References: 3

Veracode
added 2020/08/06 9:31 p.m., 22 views

Cross-Site Scripting (XSS)

Jenkins is vulnerable to cross-site scripting. The agent name in the build time trend page is not validated, allowing an attacker to inject and execute arbitrary JavaScript in a user's browser...

5.4 CVSS, 2.6 AI score, 0.01023 EPSS
Exploits: 0, References: 2, Affected Software: 9

OSV
added 2020/07/29 1:15 p.m., 2 views

CVE-2020-14492

OpenClinic GA 5.09.02 and 5.89.05b do not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser...

6.1 CVSS, 6.9 AI score
Exploits: 0, References: 1

NVD
added 2020/07/21 6:15 p.m., 11 views

CVE-2020-14063

A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the...

6.1 CVSS, 6 AI score, 0.01367 EPSS
Exploits: 1, References: 2

Prion
added 2020/07/21 6:15 p.m., 21 views

Cross site scripting

A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the...

4.3 CVSS, 6 AI score, 0.01367 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2020/07/21 5:12 p.m., 12 views

CVE-2020-14063

A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the...

6 AI score, 0.01367 EPSS
Exploits: 1, References: 2

NVD
added 2020/07/15 9:15 p.m., 28 views

CVE-2020-9309

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example, HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

8.8 CVSS, 0.01837 EPSS
Exploits: 0, References: 1

Prion
added 2020/07/15 9:15 p.m., 16 views

Design/Logic Flaw

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example, HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

6.8 CVSS, 8.8 AI score, 0.01837 EPSS
Exploits: 0, References: 1, Affected Software: 2

NVD
added 2020/06/12 2:15 p.m., 20 views

CVE-2020-9644

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary JavaScript execution in the browser...

5.4 CVSS, 0.01763 EPSS
Exploits: 0, References: 1

Prion
added 2020/06/12 2:15 p.m., 14 views

Cross site scripting

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary JavaScript execution in the browser...

4.3 CVSS, 6.1 AI score, 0.02441 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/06/12 1:14 p.m., 28 views

CVE-2020-9647

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary JavaScript execution in the browser...

6.2 AI score, 0.02441 EPSS
Exploits: 0, References: 1

Snyk
added 2020/06/04 10:2 a.m., 2 views

Cross-site Scripting (XSS)

Overview: elastic-app-search is a Ruby client for the Elastic App Search. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). They contain a cross-site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result,...

6.1 CVSS, 5.3 AI score, 0.00983 EPSS
Exploits: 0, References: 2

Veracode
added 2020/04/24 12:18 p.m., 71 views

Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). The vulnerability is possible as an attacker can inject a malicious payload that will execute in a user's browser through the header column renaming feature in the table panel...

6.1 CVSS, 1.6 AI score, 0.01955 EPSS
Exploits: 0, References: 10, Affected Software: 3

Veracode
added 2020/04/24 4:17 a.m., 19 views

Cross-Site Scripting (XSS)

anchorcms/anchor-cms is vulnerable to cross-site scripting (XSS). A user with the privilege to log in as administrator is allowed to post arbitrary script via the post creation feature, which will execute in a user's browser when visited...

4.8 CVSS, 3.2 AI score, 0.00564 EPSS
Exploits: 1, References: 3, Affected Software: 1

Veracode
added 2020/04/24 2:28 a.m., 27 views

Cross-site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). The vulnerability exists as it was possible to introduce a malicious payload that will execute in a user's browser through annotation popups...

6.1 CVSS, 1.9 AI score, 0.01281 EPSS
Exploits: 0, References: 4, Affected Software: 3

Cvelist
added 2020/04/15 6:0 p.m., 15 views

CVE-2020-5346

RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript...

4.8 CVSS, 4.9 AI score, 0.00644 EPSS
Exploits: 0, References: 1

Prion
added 2020/04/07 5:15 p.m., 18 views

Cross site scripting

Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wpajaxcf7dpsavesettings AJAX action and the uitheme parameter. If an administrator creat...

3.5 CVSS, 5.2 AI score, 0.00712 EPSS
Exploits: 2, References: 1, Affected Software: 1

Prion
added 2020/04/07 5:15 p.m., 14 views

Cross site scripting

Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal subscriber-level permissions to save arbitrary JavaScript in the plugin's settings panel via the idxupdaterecaptchakey AJAX action and a crafted idxrecaptchasitekey parameter, which...

3.5 CVSS, 5.1 AI score, 0.00723 EPSS
Exploits: 1, References: 2, Affected Software: 1