30 matches found
EUVD-2020-3971
Malware in sbrugna...
Debian dsa-5714 : roundcube - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5714 advisory. Debian Security Advisory DSA-5714-1...
TeamCity Server < 2023.11.0 Restore From Backup XSS
According to its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.0. It is, therefore, affected by Cross Side Scripting Vulnerability during a Restore from Backup. Note that Nessus did not actually test for these issues,...
DOM Cross Side Scripting
Description: Hello team, Recently I found that, DOM XSS on profile language field there is a DOM XSS. Proof of Concept Video poc: https://screencast-o-matic.com/watch/c01067VBWlV Step: 1. Login as simple user 2. Click on settings and select profile tab. 3. Click on change language as 'english' and...
CVE-2022-22999
Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to ga...
CVE-2022-22999
CVE-2022-22999 affects Western Digital My Cloud devices and is described as a cross-site scripting vulnerability that can allow a malicious, elevated-privilege user to inject JavaScript into an authenticated user’s browser, potentially taking control of the session, stealing data, modifying setti...
WordPress FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered by Kenya Uematsu in WordPress FreeMind WP Browser (versions <= 1.2). Solution: Deactivate and delete. This plugin has been closed as of June 30, 2022 and is not available for download. This closure is...
CVE-2020-26296
A flaw was found in nodejs-vega. An attacker, using a specially crafted Vega expression, could execute a cross-side scripting attack on a victim's machine allowing them to execute arbitrary JavaScript. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation...
Debian: Security Advisory (DSA-4674-1)
The remote host is missing an update for the Debian...
CVE-2020-11626
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross Side Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets...
PRODSECBUG-2489: Cross side scripting during the preview of email templates
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2448: Cross side scripting via admin panel dashboard
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
Security Bulletin: IBM Tivoli Common Reporting (TCR) 2016Q4 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities.
Summary: Fixes of Cognos Business Intelligence are provided as part of TCR fixes. This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and the IBM® Runtime Environment Java™ Technology Edition,...
Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
Summary: This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.5.0. IBM Cognos Analytics has addressed several Libxml2 vulnerabilities. There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty. Liberty is used by IBM Cognos...
Security Bulletin: IBM Cognos Business Intelligence Server 2016Q4 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.
Summary: This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and the IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues...
[ASA-201710-13] flyspray: cross-site scripting
Arch Linux Security Advisory ASA-201710-13. Severity: High; Date: 2017-10-10; CVE-ID: CVE-2017-15213 CVE-2017-15214; Package: flyspray; Type: cross-site scripting; Remote: Yes; Link: https://security.archlinux.org/AVG-439. Summary: The package...
phpmyadmin: multiple issues
CVE-2016-5702 (cookie attribute injection): A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Only affected when PHP_SELF is not set. CVE-2016-5703 (SQL injection): A vulnerability was discovered that allows an SQL injection...
chromium: multiple issues
CVE-2015-1251 (arbitrary code execution): Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem allows remote attackers to execute arbitrary code via a crafted document. CVE-2015-1252 (sandbox protection bypass): It has been discovered that...
mediawiki: multiple issues
CVE-2015-2931 (cross-side scripting): It was discovered that MIME types were not properly restricted, allowing a way to circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in a SVG file. CVE-2015-2932 (cross-side scripting): The SVG filter to prevent...