CVE-2019-7250

An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code via SCRIPT elements, event handlers, etc.. Since this code...

CVE-2019-3911

Reflected cross-site scripting XSS vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /r2/query endpoints...

CVE-2019-1565

The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML...

CVE-2019-1566

The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML...

Cross site scripting

Reflected cross-site scripting XSS vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /r2/query endpoints...

CVE-2019-1566

The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML...

CVE-2019-1566

The CVE-2019-1566 entry affects Palo Alto Networks PAN-OS: the Management Web Interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. Affects PAN-OS versions 7.1.21 and earlier, 8.0.14 and earlier, and 8.1.5 and earlier. An unauthenticated attacker could inject...

CVE-2019-1565

The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML...

CVE-2019-1565

The CVE-2019-1565 issue affects PAN-OS External Dynamic Lists. An authenticated user with write privileges can inject arbitrary JavaScript/HTML, impacting PAN-OS 7.1.x ≤7.1.21, 8.0.x ≤8.0.14, and 8.1.x ≤8.1.5. Remediation: upgrade to 7.1.22, 8.0.15, or 8.1.6 (or later). If not exploiting, no work...

Cross-Site Scripting (XSS)

croogo/croogo is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the title parameter in the Attachment page to steal session tokens or perform unwanted actions on behalf of the user...

Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists

A Cross-Site Scripting XSS vulnerability exists in the PAN-OS External Dynamic Lists. Ref. PAN-106776; CVE-2019-1565 Successful exploitation of this issue may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject...

The vulnerability of microprogrammed logic controllers from Schneider Electric Modicon, related to insufficient protection of the web page structure, allows attackers to inject JavaScript that will be executed in the user’s browser.

The vulnerability of the microprogrammed logic controllers from Schneider Electric Modicon relates to insufficient protection of the web page structure. Exploiting this vulnerability allows an intruder to inject JavaScript, which will be executed in the user’s browser...

Cross-site Scripting (XSS)

OpenStack Dashboard horizon is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the description field of a Heat template...

IBM SPSS Analytic Server Cross-Site Scripting Vulnerability

IBM SPSS Analytic Server is a suite of IBM engines for predictive analytics of big data from IBM in the United States, which generates predictions and recommendations in big data to achieve optimal performance on a wide range of large amounts of data. A cross-site scripting vulnerability exists i...

WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack

The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor,...

IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2019-00558)

IBM Jazz Reporting Service JRS is a suite of IBM USA applications for discovering cross-project reports that can be used in integration with IBM Rational CLM's Rational solution for managing all lifecycles of a development project. CLM users can access reports provided by JRS in dashboards,...

Cross-Site Scripting (XSS)

dolibarr is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the transphrase parameter in notice.php due to the application not performing output encoding before displaying on the user's browser...

Q'center Virtual Appliance Cross-Site Scripting Vulnerability

QNAP Q'center Virtual Appliance is a virtual appliance from QNAP Systems for deploying Q'center QNAP NAS Management Platform in virtual environments such as Microsoft Hyper-V, VMware ESXi and Workstation. A cross-site scripting vulnerability exists in QNAP Q'center Virtual Appliance version...

CVE-2018-0723

Cross-site scripting XSS vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724...

The vulnerability of the IBM WebSphere Portal software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to disclose user credentials during a secure session.

The vulnerability of the IBM WebSphere Portal software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials during a secure session, thereby allowing the insertion of arbitra...