106 matches found
Wiki.js Cross-Site Scripting Vulnerability
Wiki.js is open source wiki software from the Requarks.io team, built on Node.js and written in JavaScript. A cross-site scripting vulnerability exists in the Markdown borderer in Wiki.js versions prior to 2.3.81. The vulnerability stems from a lack of proper validation of client-side da...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2021-28035)
NETGEAR R9000, R7800 and R7500 are wireless routers from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products. The vulnerability stems from the lack of proper validation of client data by the web application. An attacker can exploit this vulnerability to execute...
jQuery cross-site scripting vulnerability (CNVD-2021-26411)
jQuery is an open source, cross-browser JavaScript library. The library simplifies operations between HTML and JavaScript, and offers modularity, plug-in extensions and other features. A cross-site scripting vulnerability exists in versions of jQuery prior to 3.5.0. The vulnerability...
PHP-Fusion cross-site scripting vulnerability (CNVD-2021-26414)
PHP-Fusion is an open source, lightweight content management system based on MySQL and PHP, from the Malaysian company PHP-Fusion. The system contains modules such as news, articles and forums. A cross-site scripting vulnerability exists in the banners.php file in PHP-Fusion version 9.03.50. The vulnerabili...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2021-28014)
NETGEAR JNR1010 and others are wireless routers from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products. The vulnerability stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-27216)
The NETGEAR RBK50, among others, is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products, which stems from a lack of proper validation of client data by a web application and can be exploited by an attacker to execute client-side code...
Dart Cross-Site Scripting Vulnerability
Dart is an open source programming language. A cross-site scripting vulnerability exists in Dart. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
Totemo totemodata Cross-Site Scripting Vulnerability
Totemo totemodata is an enterprise secure file transfer solution from Totemo Switzerland. A cross-site scripting vulnerability exists in Totemo totemodata version 3.0.0b936, which stems from a lack of proper validation of client-side data by the web application and can be exploited by an attacker...
Zulip server cross-site scripting vulnerability (CNVD-2021-10499)
Zulip server is an open source team chat application from the American company Zulip. A cross-site scripting vulnerability exists in Zulip server versions prior to 2.0.5. The vulnerability stems from the web application's lack of proper validation of client-side data. An attacker can exploit this...
Atlassian Jira Cross-Site Scripting Vulnerability (CNVD-2019-27253)
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A cross-site scripting vulnerability exists in the activity stream gadget in Atlassian Jira versions prior to 7.13.1. The...
cPanel cross-site scripting vulnerability (CNVD-2019-26352)
cPanel is a web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in versions prior to cPanel 70.0.23. The vulnerability stems from a lack of proper...
Magento cross-site scripting vulnerability (CNVD-2019-26223)
Magento is an open source PHP e-commerce system from the US company Magento. The system provides rights management, search engines, payment gateways and other functions. A cross-site scripting vulnerability exists in Magento Open Source versions prior to 1.9.4.2 and Magento Commerc...
CVE-2017-9390
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script ...
Cross site scripting
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...
CVE-2018-10609
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...
SUSE-SU-2017:2250-1 Security update for mercurial
This update for mercurial fixes the following issues: - CVE-2017-1000115: path traversal via symlink could lead to unauthorized access bsc1053344 - CVE-2017-1000116: argument injection in SSH URLs could lead to client-side code execution bsc1052696...
SUSE-SU-2017:2225-1 Security update for git
This update for git fixes the following issues: - CVE-2017-1000117: an argument injection in SSH URLs could lead to client-side code execution bsc1052481...
Dropbox: Dropbox Paper - Markdown XSS
Hello, Today I took a look at Dropbox Paper and noticed there is an option to export/download the project as a Markdown or Word docx document. I noticed it doesn't filter any kind of Markdown escaping, meaning when parsed after download will let us execute client side code. Equivalent to arbrita...
JSPMySQL Administrador CSRF & XSS Vulnerabilities
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt Vendor: JSPMySQL Administrador https://sites.google.com/site/mfpledon/producao-de-software Product:...