938 matches found

Prion
added 2019/02/04 9:29 p.m., 11 views

Cross site request forgery (csrf)

MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery CSRF vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvgsave that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be...

CVSS 6.8, AI score 8.8, EPSS 0.00795
Exploits 2, References 2, Affected Software 1
NVD
added 2019/01/09 11:29 p.m., 17 views

CVE-2018-0665

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...

CVSS 6.8, AI score 6.6, EPSS 0.00652
Exploits 0, References 4
CVE
added 2019/01/09 10:0 p.m., 56 views

CVE-2018-0666

CVE-2018-0666 applies to Yamaha devices (RT57i <=8.00.95, RT58i <=9.01.51, NVR500 <=11.00.36, RTX810

CVSS 6.8, AI score 6.6, EPSS 0.00652
Exploits 0, References 4, Affected Software 1
Cvelist
added 2019/01/09 10:0 p.m., 21 views

CVE-2018-0665

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...

AI score 6.6, EPSS 0.00652
Exploits 0, References 4
NVD
added 2019/01/04 3:29 p.m., 14 views

CVE-2018-1951

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVSS 5.4, AI score 5.2, EPSS 0.00968
Exploits 0, References 3
n0where
added 2018/12/20 3:50 p.m., 65 views

Phishing Campaign Toolkit: King Phisher

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness...

AI score 7.8
Exploits 0, References 5
Hacker One
added 2018/12/13 10:50 p.m., 20 views

Dropbox: Disclose anonymous accessible link on embedded files in paper dropbox sessions

This report described some of the behavior of the integration between Dropbox and Dropbox Paper. In particular, when embedding a Dropbox file into Dropbox Paper, this implicitly creates a link to that file see https://www.dropbox.com/help/files-folders/view-only-access and embeds it within the...

Exploits 0
Tenable Nessus
added 2018/07/09 12:0 a.m., 12 views

FreeBSD : mybb -- vulnerabilities (bfd5d004-81d4-11e8-a29a-00e04c1ea73d)

mybb Team reports : High risk: Image and URL MyCode Persistent XSS Medium risk: Multipage Reflected XSS Low risk: ACP logs XSS Low risk: Arbitrary file deletion via ACP's Settings Low risk: Login CSRF Low risk: Non-video content embedding via Video MyCode C Tenable Network Security, Inc. The...

AI score 7
Exploits 0, References 2
FreeBSD
added 2018/07/04 12:0 a.m., 9 views

mybb -- vulnerabilities

mybb Team reports: High risk: Image and URL MyCode Persistent XSS Medium risk: Multipage Reflected XSS Low risk: ACP logs XSS Low risk: Arbitrary file deletion via ACP’s Settings Low risk: Login CSRF Low risk: Non-video content embedding via Video MyCode...

AI score 3.2
Exploits 0, References 1
Prion
added 2018/07/03 9:29 p.m., 12 views

Design/Logic Flaw

The public node module versions = 1.0.3 allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript...

CVSS 4.3, AI score 6.3, EPSS 0.00759
Exploits 1, References 1, Affected Software 1
CVE
added 2018/07/03 9:0 p.m., 44 views

CVE-2018-3747

CVE-2018-3747 concerns the public Node.js module (versions

CVSS 6.1, AI score 6.2, EPSS 0.00759
Exploits 1, References 1, Affected Software 1
Prion
added 2018/06/21 7:29 p.m., 15 views

Code injection

Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system...

CVSS 3.5, AI score 5.1, EPSS 0.00512
Exploits 0, References 1, Affected Software 1
Zero Day Initiative
added 2018/03/19 12:0 a.m., 31 views

Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 2.6, AI score 1.5, EPSS 0.06165
Exploits 0, References 1
Zero Day Initiative
added 2018/03/07 12:0 a.m., 25 views

Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 2.6, AI score 1.5, EPSS 0.02384
Exploits 0, References 1
Zero Day Initiative
added 2018/02/27 12:0 a.m., 31 views

Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 2.6, AI score 1.5, EPSS 0.02416
Exploits 0, References 1
Prion
added 2018/02/22 12:29 a.m., 22 views

Cross site scripting

A vulnerability in Cisco Jabber Client Framework JCF could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit...

CVSS 3.5, AI score 5.4, EPSS 0.00927
Exploits 0, References 3, Affected Software 1
Cvelist
added 2018/02/22 12:0 a.m., 25 views

CVE-2018-0201

A vulnerability in Cisco Jabber Client Framework JCF could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit...

AI score 5.5, EPSS 0.00927
Exploits 0, References 3
CVE
added 2018/02/22 12:0 a.m., 81 views

CVE-2018-0201

CVE-2018-0201 is a cross-site scripting vulnerability in Cisco Jabber Client Framework (JCF). The issue arises from improper neutralization of input during web page generation, enabling an authenticated, remote attacker to trigger XSS by embedding media in instant messages. The exploit could caus...

CVSS 5.4, AI score 5.4, EPSS 0.00927
Exploits 0, References 3, Affected Software 1
Zero Day Initiative
added 2018/02/21 12:0 a.m., 26 views

Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 2.6, AI score 1.5, EPSS 0.02416
Exploits 0, References 1
Zero Day Initiative
added 2018/02/21 12:0 a.m., 32 views

Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 2.6, AI score 1.5, EPSS 0.02416
Exploits 0, References 1