1017 matches found
Design/Logic Flaw
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...
CVE-2020-29550
The CVE-2020-29550 issue affects URVE Build 24.03.2020, where the password for an integration user (Office 365 integration) is stored in cleartext in multiple files and in the database, enabling exposure. Affected files include Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000...
CVE-2020-29550
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...
Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting
Exploit Title: Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting Date: 11/12/2020 Exploit Author: gx1 Vendor Homepage: https://www.jenkins.io/ Software Link: https://updates.jenkins-ci.org/download/war/ Version: = 2.251 and = LTS 2.235.3 Tested on: any CVE : CVE-2020-2229 References:...
Alternatives to Animated GIFs
We have all been amused by animated GIFs on lots of websites -- dancing babies, cute cats, flying birds, funny memes, and countless others. Despite their popularity, animated GIFs can be very heavy and can contribute significantly to page performance issues. How significantly? We have seen...
CVE-2020-26237
A flaw was found in nodejs-highlight-js. Highlight.js is vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting...
CVE-2020-26237
Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow use...
Code injection
Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow use...
CVE-2020-26237 Prototype Pollution in highlight.js
Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow use...
CVE-2020-26237
Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow use...
Prototype Pollution in highlight.js
Impact Affected versions of this package are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsin...
CVE-2020-27193
A cross-site scripting XSS vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...
Cross site scripting
A cross-site scripting XSS vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...
CVE-2020-28415
A reflected cross-site scripting XSS vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url different vector than CVE-2020-28414...
CVE-2020-28414
A reflected cross-site scripting XSS vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url different vector than CVE-2020-28415...
Cross site scripting
A reflected cross-site scripting XSS vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url different vector than CVE-2020-28414...
Cross site scripting
A reflected cross-site scripting XSS vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url different vector than CVE-2020-28415...
CVE-2020-7332
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security ENS prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration...
CVE-2020-7332
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security ENS prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration...
Cross site request forgery (csrf)
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security ENS prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration...