18 matches found
EUVD-2018-18279
Malware in sbrugna...
CVE-2025-43793
CVE-2025-43793 affects Liferay Portal (7.4.0–7.4.3.105) and Liferay DXP (2023.Q4.0, 2023.Q3.1–2023.Q3.4, 7.4 GA–update 92, 7.3 GA–update 35). The issue is improper subdomain/domain subcomponent identification that can create a supercookie, enabling remote attackers controlling a website sharing t...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2010-4600
Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue...
CVE-2019-20483
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application...
D-Link DIR Series Cross-Site Scripting Vulnerability (CNVD-2018-06630)
The D-Link DIR-868L, DIR-865L and DIR-860L are all wireless router products from AUO D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/advparentctrlmap.php file in the D-Link DIR-868L, DIR-865L, and DIR-860L. A remote attacker can exploit the vulnerability by sending a...
D-Link DIR Series Cross-Site Scripting Vulnerability (CNVD-2018-06629)
D-Link DIR-868L and others are wireless router products from AUO D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/body/bscsmssend.php file in the D-Link DIR-868L, DIR-865L, and DIR-860L. A remote attacker can exploit the vulnerability by sending a specially crafted...
D-Link DIR Series Cross-Site Scripting Vulnerability
D-Link DIR-868L and others are wireless router products from AUO D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/bscsmsinbox.php file in the D-Link DIR-868L, DIR-865L, and DIR-860L. A remote attacker can exploit the vulnerability by sending a specially crafted 'Treturn...
Cross site scripting
XSS vulnerability in htdocs/webinc/js/advparentctrlmap.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted...
CVE-2018-6527
XSS vulnerability in htdocs/webinc/js/advparentctrlmap.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted...
CVE-2018-6529
The CVE-2018-6529 issue affects D-Link DIR-868L, DIR-865L, and DIR-860L routers (DIR868LA1 FW112b04 and earlier; DIR865L REVA FW1.08.B01 and earlier; DIR860LA1 FW110b04 and earlier). It is an XSS in htdocs/webinc/js/bsc_sms_inbox.php that allows remote attackers to read a cookie by sending a craf...
CVE-2018-6527
The CVE-2018-6527 issue affects D-Link DIR-868L, DIR-865L and DIR-860L routers. It is a cookie disclosure via an XSS-like flaw in htdocs/webinc/js/adv_parent_ctrl_map.php that can be triggered by a crafted deviceid parameter to soap.cgi, exposing cookie data. Root cause: inadequate protection of ...
CVE-2015-1907
The Administration and Reporting Tool in IBM Rational License Key Server RLKS 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors...
Prestashop < 1.6.0.11 Reflected Cross Site Scripting Vulnerability
Prestashop is prone to a cross-site scripting vulnerability.
Fizzle 0.5 RSS Feed HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23144/info Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code...
fizzle-access.txt
Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus for formatting to lose their layout I told him it would be too difficult to sanitize the data...
Fizzle : Firefox Extension Vulnerability
Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus becomes and so forth. Various feeds fields are vulnerable including the title which allows th...
Fizzle 0.5 - RSS Feed HTML Injection
source: https://www.securityfocus.com/bid/23144/info Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the...