Magento cross-site scripting vulnerability (CNVD-2019-40743)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. Magento has a cross-site scripting vulnerability. Attackers can use this vulnerability to execute client-side cod...

Magento cross-site scripting vulnerability (CNVD-2019-40749)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. Magento has a cross-site scripting vulnerability. Attackers can use this vulnerability to execute client-side cod...

Forcepoint Email Security Cross-Site Scripting Vulnerability

Forcepoint Email Security is a suite of email protection solutions from US-based Forcepoint. The product includes features such as spam filtering, malware detection, phishing protection, and protection against intrusion BEC attacks. A cross-site scripting vulnerability exists in Forcepoint Email...

Online Store System Cross-Site Scripting Vulnerability (CNVD-2019-40112)

Online Store System is an e-commerce system. A cross-site scripting vulnerability exists in Online Store System v1.0. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerability to execute client-side code...

AVG AntiVirus Cross-Site Scripting Vulnerability (CNVD-2020-10164)

Avast Antivirus is a suite of antivirus software from the Czech company Avast. A cross-site scripting vulnerability exists in Network Notification Popup in Avast AntiVirus Free, Internet Security and Premiere Edition version 19.3.2369 build 19.3.4241.440. The vulnerability stems from a lack of...

Websieve Cross-Site Scripting Vulnerability

websieve is a web-based email server management program. A cross-site scripting vulnerability exists in websieve version v0.62, which stems from the lack of proper validation of client-side data by the WEB application and can be exploited by an attacker to execute client-side code...

F5 BIG-IP cross-site scripting vulnerability (CNVD-2019-39753)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in F5 BIG-IP versions 13.1.0 through 13.1.3, 12.1.0 through 12.1.5, and 11.5.2...

WordPress weeklynews theme cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. weeklynews theme is a news site theme plugin used in it. WordPress weeklynews theme suffers from a cross-site scripting vulnerability...

WordPress Modern theme cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Modern theme is a multi-functional website theme plugin used in it. A cross-site scripting vulnerability exists in WordPress Modern...

WordPress Auberge theme cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Auberge theme is a responsive restaurant website theme plugin used in it. WordPress Auberge theme suffers from a cross-sit...

Input validation

In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page...

CVE-2019-18207

Summary: CVE-2019-18207 affects Zucchetti InfoBusiness ≤ 4.4.1. An authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload is triggered whenever users browse the reports page. Affected software: Zucchetti InfoBusi...

LabKey Server Cross-Site Scripting Vulnerability

LabKey Server is a biomedical research data repository from LabKey, Inc. The repository allows Web-based querying, reporting, and collaboration across a wide range of data sources. A cross-site scripting vulnerability exists in LabKey Server. An attacker could exploit this vulnerability to execut...

WordPress Easy Digital Downloads Quota theme cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Easy Digital Downloads EDD Quota theme is a Quota theme plugin used in it. A cross-site scripting vulnerability exists in th...

WordPress Easy Digital Downloads Stripe extension cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Easy Digital Downloads EDD Stripe extension is a payment gateway plugin used in it. A cross-site scripting vulnerability exists in the...

WordPress Easy Digital Downloads htaccess Editor extension cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Easy Digital Downloads EDD htaccess Editor extension is an htaccess editor plugin used in it. A cross-site scripting...

WordPress Easy Digital Downloads Shoppette theme cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Easy Digital Downloads EDD Shoppette theme is an e-commerce website theme plugin used in it. A cross-site scripting...

WordPress Easy Digital Downloads Digital Store theme cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Easy Digital Downloads EDD Digital Store theme is used in which a digital product online sales theme website plugin. A...

pixelpost cross-site scripting vulnerability (CNVD-2019-39941)

pixelpost is a set of PHP and MySQL based , scalable open source photo blog application . A cross-site scripting vulnerability exists in pixelpost version 1.7.1-5, which stems from a lack of proper validation of client-side data in the WEB application and can be exploited by an attacker to execut...

WordPress Easy Digital Downloads Wish Lists extension cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platform using PHP language development. The platform supports setting up personal blog sites on PHP and MySQL servers.Easy Digital Downloads EDD Wish Lists extension is a product collection plugin used in it. A cross-site scripting...