Lucene search

5987 matches found

Prion
added 2019/07/28 2:15 p.m., 15 views

Cross site scripting

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...

CVSS 4.3, AI score 5.8, EPSS 0.01327
Exploits: 1, References: 3, Affected Software: 1
Prion
added 2019/07/28 2:15 p.m., 10 views

Cross site scripting

An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code...

CVSS 4.3, AI score 5.8, EPSS 0.01327
Exploits: 1, References: 3, Affected Software: 1
Prion
added 2019/07/28 2:15 p.m., 13 views

Cross site scripting

An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code...

CVSS 4.3, AI score 5.8, EPSS 0.01327
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2019/07/28 1:46 p.m., 17 views

CVE-2019-14330

An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code...

AI score 5.9, EPSS 0.01327
Exploits: 1, References: 3
Cvelist
added 2019/07/28 1:46 p.m., 17 views

CVE-2019-14329

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...

AI score 5.9, EPSS 0.01327
Exploits: 1, References: 3
0day.today
added 2019/07/26 12:0 a.m., 48 views

Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution Exploit (2

Exploit for jsp platform in category web applications Exploit Title: Authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. Metasploit Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link:...

CVSS 9, AI score 8.8, EPSS 0.75772
Exploits: 10
OSV
added 2019/07/22 4:15 p.m., 3 views

CVE-2019-13098

The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 Jel...

CVSS 6.5, AI score 6.6
Exploits: 0, References: 2
Citrix
added 2019/07/19 12:0 a.m., 6 views

Error: Cannot create BDM partition for device <device name> while using XenDesktop Setup Wizard

The XenDesktop Setup Wizard might fail when creating target VMs on VMware environment under the following scenario: Same service account is used; which is able to create VMs in Citrix Studio via MCS but failing in PVS All permissions are provided as per article CTX214389 vSAN is encrypted The Vm i...

AI score 7
Exploits: 0
Fedora
added 2019/07/18 8:33 p.m., 19 views

[SECURITY] Fedora 29 Update: virt-bootstrap-1.1.1-1.fc29

Provides a way to create the root file system to use for libvirt containers...

CVSS 7.8, AI score 3.3, EPSS 0.00568
Exploits: 1
Hacker One
added 2019/07/17 6:17 a.m., 15 views

GitLab: Stored XSS in "Create Groups"

NOTE! Thanks for submitting a report! Please replace all the parenthesized sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary Stored attacks are those...

AI score 0.4
Exploits: 0
Github Security Blog
added 2019/07/16 12:52 a.m., 33 views

Cross-site Scripting in invenio-communities

Cross-Site Scripting (XSS) vulnerability in Jinja templates. Impact: A Cross-Site Scripting (XSS) vulnerability was discovered in two Jinja templates in the Invenio-Communities module. The vulnerability allows a user to create a new community and include script element tags inside the description and...

CVSS 5.4, AI score 1.3, EPSS 0.00676
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2019/07/10 5:15 p.m., 14 views

CVE-2018-19581

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...

CVSS 7.5, AI score 7.3, EPSS 0.01106
Exploits: 0, References: 2
NVD
added 2019/07/10 4:15 p.m., 11 views

CVE-2019-12471

Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

CVSS 6.1, AI score 6.2, EPSS 0.01285
Exploits: 0, References: 4
OSV
added 2019/07/10 4:15 p.m., 15 views

CVE-2019-12471

Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

CVSS 6.1, AI score 5.8
Exploits: 0, References: 4
OSV
added 2019/06/25 1:15 p.m., 2 views

CVE-2019-12963

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action...

CVSS 6.1, AI score 6.4, EPSS 0.00817
Exploits: 1, References: 1
NVD
added 2019/06/25 1:15 p.m., 14 views

CVE-2019-12963

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action...

CVSS 6.1, AI score 6, EPSS 0.00817
Exploits: 1, References: 1
CVE
added 2019/06/25 12:55 p.m., 76 views

CVE-2019-12963

LiveZilla Server is affected by CVE-2019-12963: prior to 8.0.1.1, the chat.php Create Ticket action is vulnerable to cross-site scripting (XSS). This is confirmed by multiple sources (NVD/Red Hat/CNVD/OpenVAS references) and is characterized by XSS in the Create Ticket/Work Order path. Exploitati...

CVSS 6.1, AI score 5.9, EPSS 0.00817
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2019/06/25 12:55 p.m., 15 views

CVE-2019-12963

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action...

AI score 6, EPSS 0.00817
Exploits: 1, References: 1
0day.today
added 2019/06/18 12:0 a.m., 249 views

RedwoodHQ 2.5.5 - Authentication Bypass Vulnerability

Exploit for multiple platform in category web applications -- encoding: utf-8 -- !/usr/bin/python3 Exploit Title: RedxploitHQ Create Admin User by missing authentication on db Date: 14-june-2019 Exploit Author: EthicalHCOP Version: 2.0 / 2.5.5 Vendor Homepage: https://redwoodhq.com/ Software Link...

AI score 0.4
Exploits: 0
RedHat Linux
added 2019/06/17 6:1 p.m., 478 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.8, AI score 6.7, EPSS 0.98745
Exploits: 10, References: 6