
1492 matches found

Cvelist
added 2020/03/25 8:59 p.m., 25 views

CVE-2020-9520

A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled...

AI score 5.3 | EPSS 0.00814
Exploits 1 | References 2
NVD
added 2020/03/18 3:15 p.m., 18 views

CVE-2019-10146

A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...

CVSS 4.7 | AI score 5.1 | EPSS 0.00661
Exploits 0 | References 1
Prion
added 2020/03/18 3:15 p.m., 29 views

Cross site scripting

A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...

CVSS 2.6 | AI score 5.6 | EPSS 0.00661
Exploits 0 | References 1 | Affected Software 2
Prion
added 2020/03/13 9:15 p.m., 13 views

Cross site scripting

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the...

CVSS 3.5 | AI score 5.8 | EPSS 0.00672
Exploits 0 | References 1 | Affected Software 1
NVD
added 2020/03/05 1:15 a.m., 14 views

CVE-2020-10098

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email...

CVSS 5.4 | AI score 5.4 | EPSS 0.00545
Exploits 0 | References 1
Prion
added 2020/03/05 1:15 a.m., 12 views

Cross site scripting

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email...

CVSS 3.5 | AI score 5.4 | EPSS 0.00545
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/03/05 12:37 a.m., 26 views

CVE-2020-10103

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens a specially crafted link to the uploaded file with an acti...

AI score 5.4 | EPSS 0.00545
Exploits 0 | References 1
RedhatCVE
added 2020/02/03 8:34 p.m., 44 views

CVE-2019-10146

A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...

CVSS 4.7 | AI score 3.4 | EPSS 0.00661
Exploits 0 | References 3
OSV
added 2020/01/17 6:15 p.m., 1 views

CVE-2019-10957

Geutebruck IP Cameras G-CodeEEC-2xxx, G-CamEBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx: All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in...

CVSS 4.8 | AI score 6.2 | EPSS 0.00935
Exploits 0 | References 1
WPVulnDB
added 2020/01/13 12:0 a.m., 7 views

Computer Repair Shop < 2.0 - Authenticated Stored XSS

Computer Repair Shop is vulnerable to stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin's options. Fixed in version 2.0. PoC: The plugin's options provided a basic HTML validation, which could be bypassed by copying + pasting malicious code into the...

AI score 0.4
Exploits 0 | References 1 | Affected Software 1
wpexploit
added 2020/01/13 12:0 a.m., 16 views

Computer Repair Shop < 2.0 - Authenticated Stored XSS

Computer Repair Shop is vulnerable to stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin's options. Fixed in version 2.0. The plugin's options provided a basic HTML validation, which could be bypassed by copying + pasting malicious code into the...

AI score 0.6
Exploits 0 | References 1
OSV
added 2020/01/10 3:15 p.m., 0 views

UBUNTU-CVE-2020-1766

Due to improper handling of uploaded images, it is possible in very unlikely and rare conditions to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as an inline jpg file. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior...

CVSS 6.1 | AI score 6.2 | EPSS 0.01273
Exploits 0 | References 3
Prion
added 2019/12/30 8:15 p.m., 12 views

Design/Logic Flaw

A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit...

CVSS 4.3 | AI score 6.5 | EPSS 0.0146
Exploits 0 | References 1 | Affected Software 8
Node.js
added 2019/09/06 6:41 p.m., 10 views

Cross-Site Scripting

Overview: Versions of vant prior to 2.1.8 are vulnerable to Cross-Site Scripting. The text value of the Picker component column is not sanitized, which may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation: Upgrade to version 2.1.8 or later. References: GitHub...

AI score 7.2
Exploits 0 | Affected Software 1
OSV
added 2019/09/03 7:15 p.m., 1 views

CVE-2019-6180

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not execute...

CVSS 4.8 | AI score 6
Exploits 0 | References 1
Veracode
added 2019/08/08 2:1 a.m., 8 views

Malicious Package

iie-viz is a malicious package. The package contains malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fields from forms and send it to https://js-metrics.com/minjs.php?pl=...

AI score 1.1
Exploits 0
Veracode
added 2019/08/08 1:56 a.m., 8 views

Malicious Package

@fangrong/xoc is a malicious package. The package contains malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fields from forms and send it to https://js-metrics.com/minjs.php?pl=...

AI score 1.1
Exploits 0
Veracode
added 2019/08/08 1:53 a.m., 6 views

Malicious Package

ngx-context-menu is a malicious package. The package contains malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fields from forms and send it to https://js-metrics.com/minjs.php?pl=...

AI score 1.6
Exploits 0
Veracode
added 2019/08/08 1:47 a.m., 9 views

Malicious Package

pyramid-proportion is a malicious package. The package contains malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fields from forms and send it to https://js-metrics.com/minjs.php?pl=...

AI score 1.6
Exploits 0
Veracode
added 2019/08/08 1:44 a.m., 12 views

Malicious Package

pensi-scheduler is a malicious package. The package contains malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fields from forms and send it to https://js-metrics.com/minjs.php?pl=...

AI score 1.1
Exploits 0