119 matches found

OSV
added 2019/02/04 7:29 p.m., 16 views

CVE-2019-7343

Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorMethod' parameter value in the view monitor monitor.php because proper filtration is omitted...

CVSS: 6.1, AI score: 5.9
Exploits: 0, References: 1
OSV
added 2019/02/04 7:29 p.m., 17 views

CVE-2019-7344

Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filterName' aka Filter name value on the web page without applying any proper filtration...

CVSS: 6.1, AI score: 6
Exploits: 0, References: 1
OSV
added 2019/02/04 7:29 p.m., 19 views

CVE-2019-7328

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame frame.php via /js/frame.js.php because proper filtration is omitted...

CVSS: 6.1, AI score: 5.9
Exploits: 0, References: 1
Prion
added 2019/02/04 7:29 p.m., 10 views

Cross site scripting

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorV4LCapturesPerFrame' parameter value in the view monitor monitor.php because proper filtration is omitted...

CVSS: 4.3, AI score: 5.9, EPSS: 0.0024
Exploits: 1, References: 1, Affected Software: 1
AlpineLinux
added 2019/02/04 7:0 p.m., 24 views

CVE-2019-7330

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame frame.php because proper filtration is omitted...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00262
Exploits: 1
Veracode
added 2019/02/04 12:54 a.m., 12 views

Cross-site Scripting (XSS)

html-pages is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as the value of name in index.hbs is not sanitized and can be used to inject arbitrary Javascript into a victim's browser...

CVSS: 6.1, AI score: 5.7, EPSS: 0.0015
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2019/01/03 10:29 p.m., 16 views

Hardcoded credentials

Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visit...

CVSS: 4.3, AI score: 6.9, EPSS: 0.00255
Exploits: 0, References: 2
Cvelist
added 2019/01/03 10:0 p.m., 20 views

CVE-2018-18997

Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visit...

AI score: 6.3, EPSS: 0.00255
Exploits: 0, References: 2
Veracode
added 2018/11/28 2:22 a.m., 17 views

Cross-Site Scripting (XSS)

activestorage is vulnerable to cross-site scripting. Signed download URLs that are generated for Google Cloud Storage include content-disposition and content-type parameters which can be modified on the client-side. This allows an attacker to upload specially crafted HTML files and inject arbitra...

CVSS: 6.5, AI score: 6.1, EPSS: 0.0026
Exploits: 1, References: 4, Affected Software: 1
Prion
added 2018/07/09 8:29 p.m., 10 views

Cross site scripting

A reflected Cross-Site-Scripting XSS vulnerability has been identified in Siemens PLM Software TEAMCENTER V9.1.2.5. If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software...

CVSS: 4.3, AI score: 6, EPSS: 0.0021
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2018/07/09 8:0 p.m., 12 views

CVE-2018-11450

A reflected Cross-Site-Scripting XSS vulnerability has been identified in Siemens PLM Software TEAMCENTER V9.1.2.5. If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software...

AI score: 6.1, EPSS: 0.0021
Exploits: 1, References: 1
Cvelist
added 2018/06/28 3:0 p.m., 13 views

CVE-2018-1351

A Cross-site Scripting XSS vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log...

AI score: 5.2, EPSS: 0.00297
Exploits: 0, References: 3
0day.today
added 2018/06/08 12:0 a.m., 28 views

WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Vulnerability

Exploit for php platform in category web applications Title: WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Author: Neven Biruski Software: WordPress Contact Form Maker plugin Software link: https://wordpress.org/plugins/contact-form-maker/ Version: 1.12.20 and below The easiest way ...

AI score: 0.6
Exploits: 0
Prion
added 2018/05/29 8:29 p.m., 11 views

Design/Logic Flaw

product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download...

CVSS: 9.3, AI score: 7.8, EPSS: 0.00735
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2018/05/29 8:29 p.m., 14 views

CVE-2016-10567

product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download...

CVSS: 9.3, AI score: 8.3, EPSS: 0.00735
Exploits: 0, References: 1
The Hacker News
added 2018/05/16 2:14 p.m., 69 views

Another severe flaw in Signal desktop app lets hackers steal your chats in plaintext

For the second time in less than a week, users of the popular end-to-end encrypted Signal messaging app have to update their desktop applications once again to patch another severe code injection vulnerability. Discovered Monday by the same team of security researchers, the newly discovered...

CVSS: 6.1, AI score: 1.2, EPSS: 0.00428
Exploits: 3
The Hacker News
added 2018/05/14 9:37 p.m., 65 views

Hackers Reveal How Code Injection Attack Works in Signal Messaging App

After the revelation of the eFail attack details, it's time to reveal how the recently reported code injection vulnerability in the popular end-to-end encrypted Signal messaging app works. As we reported last weekend, Signal has patched its messaging app for Windows and Linux that suffered a code...

AI score: 0.9
Exploits: 0
NVD
added 2018/02/16 6:29 p.m., 18 views

CVE-2017-18090

Various resources in Atlassian Fisheye before version 4.5.1 the fixed version for 4.5.x and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a commit author...

CVSS: 6.1, AI score: 6, EPSS: 0.00225
Exploits: 0, References: 2
CNVD
added 2018/02/07 12:0 a.m., 1 views

Atlassian Confluence Server Cross-Site Scripting Vulnerability (CNVD-2018-03444)

Atlassian Confluence Server is a suite of professional enterprise knowledge management and collaboration software from Atlassian Australia, which can also be used to build an enterprise WiKi. The software enables collaboration and knowledge sharing amongst team members. A cross-site scripting...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00187
Exploits: 0, References: 1
CNVD
added 2017/12/04 12:0 a.m., 3 views

ZKTeco ZKTime Web Personnel Advanced Query Department Module Cross-Site Scripting Vulnerability

ZKTeco ZKTime Web is a time and attendance management system from ZKTeco, Inc. The Department module in Personnel Advanced Query is one of the departmental personnel advanced query modules. A cross-site scripting vulnerability exists in the Range field of the Department module in Personnel Advance...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00233
Exploits: 3, References: 1