PHP 7.2.x < 7.2.30 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.30. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read error exists in urldecode due to improper data validation checks. An attacker can exploit...
PrestaShop cross-site scripting vulnerability (CNVD-2020-25935)
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop versions prior to 1.7.6.5...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-24415)
The NETGEAR RBK50, among others, is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products, which stems from a lack of proper validation of client data by a web application and can be exploited by an attacker to execute client-side code...
Flexense DiskBoss Denial of Service Vulnerability
DiskBoss is a disk space utilization analysis tool that supports features such as file synchronization and data migration. DiskBoss suffers from a denial of service vulnerability that originates from a network system or product that does not properly validate incoming data, and an attacker may be...
CloudBees Jenkins Timestamper plugin cross-site scripting vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from CloudBees in the United States. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Timestamper Plugin is used in one of the...
Wyse Management Suite Cross-Site Scripting Vulnerability (CNVD-2020-17378)
Wyse Management Suite (WMS) is a scalable solution for managing and optimizing Wyse endpoints from Dell, USA. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery. A cross-site scripting vulnerability exists in Wyse Management Suite versions...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-18656)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...
WordPress Strong Testimonials Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Strong Testimonials versions prior to 2.40.1. The...
CVE-2019-4670
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319...
Information disclosure
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2020-04346)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
Cisco Email Security Appliance Cross-Site Scripting Vulnerability
Cisco Email Security Appliance (ESA) is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system that runs on it. A cross-site scripting vulnerability exists in the Cisco Email Security Appliance 13.0 and prior versions. The vulnerability stems from a lack of prop...
SolarWinds Orion Platform Cross-Site Scripting Vulnerability (CNVD-2020-04012)
SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. A...
TaskCanvas Denial of Service Vulnerability
TaskCanvas is a program that tracks computer usage. TaskCanvas suffers from a denial of service vulnerability that arises from a networked system or product that does not properly validate incoming data, which could be exploited by an attacker to cause a denial of service condition that denies...
mIRC URI Handler Remote Code Execution (CVE-2019-6453)
A remote code execution vulnerability exists in mIRC. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option. Successful exploitation could result in code execution on the target machine in the context of the application...
serialize-to-js cross-site scripting vulnerability
serialize-to-js is a package that serializes objects to strings. A cross-site scripting vulnerability exists in serialize-to-js NPM versions prior to 3.0.1. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...
A vulnerability in the Navigation component of Google Chrome allows a hacker to manipulate the content of the omnibox (URL strings).
The vulnerability in the Navigation component of Google Chrome is related to improper data processing. Exploiting this vulnerability allows a malicious actor to manipulate the content of the omnibox using a specially crafted HTML page...
A vulnerability in the Google Chrome browser, related to improper data processing, allows a hacker to replace the content in the Omnibox (URL).
The vulnerability in the Google Chrome browser is related to incorrect data processing. Exploiting this vulnerability allows a malicious actor to replace the content in the Omnibox URL bar using IDN homographs...