CVE-2020-22841
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...
Cross site scripting
A cross-site scripting XSS vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment...
CVE-2021-25646
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...
RSA Archer Cross-Site Scripting Vulnerability (CNVD-2021-24477)
RSA Archer is the GRC Enterprise Risk Management Suite. A stored cross-site scripting vulnerability exists in Archer versions prior to 6.8 P4. An attacker can exploit this vulnerability to execute HTML or JavaScript code...
WebView Vulnerability in X Browser
X Browser is a mobile browser for the Android platform. X Browser has a WebView vulnerability that can be exploited by an attacker to execute JS code across domains and take full control of a user's browser...
CVE-2020-9860
CVE-2020-9860 affects Safari on macOS (and WebKit components) prior to version 13.0.5. The root cause is improper input validation in the handling of custom URL schemes, which could allow a malicious URL to trigger arbitrary JavaScript execution. Apple’s fix is to address this input validation is...
CVE-2020-26584
An issue was discovered in Sage DPW 202006x before 202006002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, they can execute arbitrary JavaScript code in the user's browser. The vulnerability can ...
Cross site scripting
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser...
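The pattern behind the Halo comment entry above, as an added example that is not Halo's code: a comment body is accepted from an attacker, stored as submitted, and later concatenated into the post page for other readers. The function names, the constructed payload and the comment markup are assumptions for illustration; the hardened renderer encodes each untrusted value for the HTML context it lands in.

```javascript
// Added example, not Halo's code: the stored-XSS pattern described in the entry
// above, in generic form. Function names and markup are hypothetical.

// Constructed attacker input: an image tag whose error handler runs script.
const ATTACKER_COMMENT = '<img src=x onerror="alert(document.cookie)">';

// Vulnerable pattern: untrusted text concatenated straight into HTML, so the
// browser parses the attacker's tag and runs the onerror handler in the
// victim's session.
function renderCommentUnsafe(author, body) {
  return `<div class="comment" data-author="${author}"><p>${body}</p></div>`;
}

// Encode the five characters that can change parsing context in HTML text and
// in double-quoted attribute values. After this, '<' is the text "&lt;" and
// can no longer open a tag, and '"' can no longer close an attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: every untrusted value is encoded for the context it lands
// in (element content for the body, a double-quoted attribute for the author).
function renderCommentSafe(author, body) {
  return `<div class="comment" data-author="${escapeHtml(author)}"><p>${escapeHtml(body)}</p></div>`;
}

// Cheap regression check for an encoded value: no tag or attribute delimiter
// may survive from an untrusted value once it has been encoded.
function untrustedValueIsInert(encodedValue) {
  return !/[<>"']/.test(encodedValue);
}

// Stand-alone demonstration.
console.log(renderCommentUnsafe('alice', ATTACKER_COMMENT));
console.log(renderCommentSafe('alice', ATTACKER_COMMENT));
```

Output encoding is applied at render time, not at submission time, so the stored comment keeps its original text and the same value can be encoded differently for a JSON API, an HTML page or an attribute. Note that the author field is a separate context: an author value such as `x" onmouseover="alert(1)` breaks out of the attribute in the unsafe renderer even though it contains no `<`.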
GitLab Cross-Site Scripting Vulnerability (CNVD-2021-31225)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in the blobs...
Readdle Documents app authorization control vulnerability
Readdle Documents app is a document manager from Readdle Ukraine. The product supports viewing EPUB eBooks, viewing Word and Excel documents and more. A security vulnerability exists in the iOS-based Readdle Documents app prior to version 6.9.7, which stems from the file transfer web server...
CVE-2020-3884
An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution...
CVE-2020-3884
Summary: CVE-2020-3884 is an injection issue in the Mail component of macOS Catalina that allowed a remote attacker to cause arbitrary JavaScript execution. The issue was addressed by improved input validation and is fixed in macOS Catalina 10.15.4. The primary sources describe the vulnerability ...
CVE-2019-16375
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious...
CVE-2020-9338
SOPlanning 1.45 allows XSS via the “Your SoPlanning url” field. Recent assessments: horshark at March 09, 2020 8:34pm UTC reported: Not a lot of information provided for this CVE. However, this is a javascript code execution in Your SoPlanning Url field which you can find in Global Settings leadi...
CVE-2019-8792
An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...
Online Inventory Manager 3.2 - Persistent Cross-Site Scripting
Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link : https://bigprof.com/appgini/applications/online-inventory-manager Software : Online Inventory Manager Version : 3....
CVE-2019-9140 Happypoint mobile application information disclosure vulnerability
When processing its Deeplink scheme, the Happypoint mobile app 6.3.19 and earlier versions do not check the Deeplink URL correctly. This could lead to JavaScript code execution, URL redirection and sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a...
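The missing check that the Happypoint entry above, and the Shazam and Safari URL-scheme entries earlier in this list, all describe is validation of an externally supplied URL before the app follows it or hands it to a WebView. The following is an added example for a hypothetical app, not any of those vendors' code: the scheme `myapp://open?url=<target>`, the allowlisted hosts and the function name are assumptions. It uses the WHATWG `URL` parser available in Node.js and browsers.

```javascript
// Added example, not vendor code: validate a deep link of the assumed form
//   myapp://open?url=<target>
// before navigating to <target>. Everything that is not an https URL on one of
// our own hosts is rejected, which rules out javascript:, data: and file:
// targets as well as attacker-controlled origins.

const ALLOWED_TARGET_HOSTS = new Set(['www.example.com', 'app.example.com']); // assumed allowlist

// Return the normalized target URL as a string, or null when the link must be rejected.
function resolveDeepLink(link) {
  let u;
  try {
    u = new URL(link);
  } catch {
    return null; // not parseable as an absolute URL
  }
  // Only our own scheme and the one action we implement.
  if (u.protocol !== 'myapp:' || u.hostname !== 'open') return null;

  const target = u.searchParams.get('url');
  if (target === null) return null;

  let t;
  try {
    t = new URL(target); // relative or malformed targets throw here
  } catch {
    return null;
  }
  // Scheme check first: a javascript: or data: URL never reaches the host check.
  if (t.protocol !== 'https:') return null;
  // Exact host match against the allowlist, so "www.example.com.evil.example"
  // and "evil.example" are both rejected.
  if (!ALLOWED_TARGET_HOSTS.has(t.hostname)) return null;
  // Reject credentials in the URL: "https://www.example.com@evil.example/"
  // parses with hostname evil.example, but an explicit check documents intent.
  if (t.username || t.password) return null;
  return t.href;
}

// Stand-alone demonstration with constructed links.
for (const link of [
  'myapp://open?url=https%3A%2F%2Fwww.example.com%2Fpromo',
  'myapp://open?url=javascript:alert(1)',
  'myapp://open?url=https://evil.example/phish',
]) {
  console.log(link, '=>', resolveDeepLink(link));
}
```

The order of the checks matters: parse first, then scheme, then host. A check that only searches the raw string for `javascript:` misses `JavaScript:` and `java\tscript:`, which browsers accept; comparing the parsed `protocol` avoids that class of bypass.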
CVE-2019-1010091
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab...