56 matches found

CNVD
added 2024/03/01 12:0 a.m., 19 views

Mozilla Firefox for iOS cross-site scripting vulnerability (CNVD-2024-12553)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Mozilla Firefox for iOS, which can be exploited by an attacker to execute script in a victim's web browser using a specially crafted URL in the security...

CVSS 7.8, AI score 6.3, EPSS 0.00127
Exploits 0, References 1

NVD
added 2024/01/16 4:15 p.m., 14 views

CVE-2023-37522

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser...

CVSS 9.8, AI score 6.7, EPSS 0.0014
Exploits 0, References 1

OSV
added 2023/11/07 7:4 p.m., 18 views

CVE-2023-46244 Privilege escalation in Xwiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to write a script in which any velocity content is executed with the right of any other document content author. Since this API require programmin...

CVSS 9.1, AI score 8.3, EPSS 0.01553
Exploits 0, References 7

Huntr
added 2023/07/01 3:22 a.m., 23 views

Reflected XSS in date

Description There is a reflective XSS on the FOSSBilling admin screen. Proof of Concept By accessing the following URL, it is possible to execute any script on the browser of the logged-in administrator user. URL:...

CVSS 5.8, AI score 6.6, EPSS 0.18964
Exploits 1, References 1

NVD
added 2023/03/02 7:15 p.m., 12 views

CVE-2023-26056

XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known...

CVSS 5.4, AI score 5.5, EPSS 0.00162
Exploits 1, References 5

OSV
added 2020/11/06 7:15 p.m., 1 views

CVE-2020-3579

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properl...

CVSS 6.1, AI score 6.6, EPSS 0.00346
Exploits 0, References 1

Prion
added 2020/05/28 1:15 p.m., 15 views

Design/Logic Flaw

VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x and before XXXXX-VVTK-0XXXXBeta2 allows an authenticated user to upload and execute a script with resultant execution of OS commands. For example, this affects IT9388-HT devices...

CVSS 9, AI score 8.6, EPSS 0.01465
Exploits 0, References 1, Affected Software 200

OSV
added 2019/08/13 8:15 p.m., 1 views

CVE-2019-14984

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMDEXEC to execute TCL code from a POST request...

CVSS 8.1, AI score 6, EPSS 0.09231
Exploits 1, References 1

CNVD
added 2018/09/07 12:0 a.m., 2 views

Cisco Data Center Network Manager Cross-Site Scripting Vulnerability

Cisco Data Center Network Manager is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. A cross-site scripting vulnerability exists in the web-based management interface of...

CVSS 6.1, AI score 6.2, EPSS 0.00319
Exploits 0, References 1

Tenable Nessus
added 2018/03/22 12:0 a.m., 22 views

Webmin 0.92 Multiple Vulnerabilities

According to its self-reported version, the Webmin install hosted on the remote host is 0.92. It is, therefore, affected by multiple vulnerabilities which could allow local users to execute script. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid108538;...

CVSS 3.6, AI score 5.6, EPSS 0.00292
Exploits 1, References 4

OSV
added 2018/03/14 12:0 a.m., 1 views

UBUNTU-CVE-2018-5135

WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox 59...

CVSS 7.5, AI score 7.1, EPSS 0.00964
Exploits 0, References 4

Prion
added 2018/03/13 6:29 p.m., 11 views

Cross site scripting

In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with...

CVSS 4.3, AI score 6.1, EPSS 0.00364
Exploits 0, References 2, Affected Software 1

UbuntuCve
added 2016/11/03 12:0 a.m., 16 views

CVE-2016-7035

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain roo...

CVSS 8.8, AI score 7.2, EPSS 0.00103
Exploits 0, References 3

seebug.org
added 2014/07/01 12:0 a.m., 22 views

File Thingie 2.5.5 - File Security Bypass

No description provided by source. Title: File Thingie v2.5.5 File Security Bypass Author: Jeremiah Talamantes RedTeam Security Website: http://www.redteamsecure.com/labs Date: 5/15/2010 Application: File Thingie Version: 2.5.5 Link: http://www.solitude.dk/filethingie/download Description: There...

AI score 7.1
Exploits 0

exploitpack
added 2012/02/01 12:0 a.m., 38 views

sit! support incident tracker 3.64 - Multiple Vulnerabilities

sit! support incident tracker 3.64 - Multiple Vulnerabilities Advisory Details: High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform SQL injection, cross-site scripting, cross-site request forgery...

AI score 0.2
Exploits 0

Japan Vulnerability Notes
added 2011/04/08 12:0 a.m., 23 views

JVN#11424086: Password Vault Web Access vulnerable to cross-site scripting

Password Vault Web Access (PVWA) is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged on. Solution Apply a patch Apply t...

CVSS 4.3, AI score 5.8, EPSS 0.00285
Exploits 0

OpenVAS
added 2010/12/01 12:0 a.m., 38 views

Pandora FMS <= 3.1 Multiple Input Validation Vulnerabilities - Active Check

Pandora FMS is prone to an authentication bypass vulnerability as well as the following input-validation vulnerabilities: - A command-injection vulnerability - Multiple SQL injection (SQLi) vulnerabilities - A remote file include (RFI) vulnerability - An arbitrary PHP code execution vulnerability -...

CVSS 10, AI score 8.2, EPSS 0.81755
Exploits 26, References 3

NVD
added 2010/08/11 6:47 p.m., 13 views

CVE-2010-1258

Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."...

CVSS 4.3, AI score 6.8, EPSS 0.20573
Exploits 0, References 3

CISA
added 2010/05/26 12:0 a.m., 7 views

Google Releases Chrome 5.0.375.55

Google has released Chrome 5.0.375.55 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to bypass security restrictions, execute script in an unsafe context, or mislead users. US-CERT encourages users and administrators to review the Goog...

AI score 7.2
Exploits 0, References 1

securityvulns
added 2008/04/15 12:0 a.m., 120 views

Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability

Advisory 1 "Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability" $ Author : Morgan ARMAND $ Contact : armandm at epitech dot net $ Vendor URL : http://www.dotclear.net $ Vendor Contacted : 07/04/2008 $ Vendor Status : No response $ Affected Software : Dotclear = 1.2.7.1 $ Severity :...

AI score 1
Exploits 0