
365 matches found

NVD
added 2018/05/19 5:29 p.m., 13 views

CVE-2018-4943

Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app...

8.8 CVSS | 8.8 AI score | 0.12132 EPSS
Exploits 0 | References 2
CVE
added 2018/05/19 5:0 p.m., 36 views

CVE-2018-4943

Adobe PhoneGap Push Plugin

8.8 CVSS | 8.7 AI score | 0.12132 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2018/05/19 5:0 p.m., 11 views

CVE-2018-4943

Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app...

8.8 AI score | 0.12132 EPSS
Exploits 0 | References 2
NVD
added 2018/04/18 7:29 p.m., 14 views

CVE-2018-1000162

Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in setMarkupEscaped for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST...

6.1 CVSS | 6.2 AI score | 0.00396 EPSS
Exploits 0 | References 2
OSV
added 2018/03/13 8:38 p.m., 14 views

GHSA-82GW-PQF7-Q3J2 pym.js CSRF Vulnerability

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSRF) vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 can result in Arbitrary javascript code execution. This attack appears to be...

8.8 CVSS | 9 AI score | 0.00296 EPSS
Exploits 0 | References 6
Prion
added 2018/03/13 3:29 p.m., 7 views

Cross site request forgery (csrf)

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSRF) vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in Arbitrary javascript code execution. This attack appears to be...

6.8 CVSS | 9 AI score | 0.00296 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2018/01/09 10:29 p.m., 10 views

CVE-2017-1000465

Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code...

5.4 CVSS | 5.6 AI score
Exploits 0 | References 1
CNVD
added 2018/01/05 12:0 a.m., 1 view

Plone JavaScript Code Execution Vulnerability

Plone is a free and open source content management system (CMS) from the U.S. Plone Foundation, built on the Zope application server. The system is developed in Python and is suitable for web portals, internal and external corporate websites, document publishing systems and so on. A code...

5.4 CVSS | 7.7 AI score | 0.00287 EPSS
Exploits 0 | References 1
NVD
added 2018/01/03 12:29 a.m., 7 views

CVE-2017-1000463

Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code...

5.4 CVSS | 5.3 AI score | 0.00296 EPSS
Exploits 0 | References 1
NVD
added 2017/11/17 2:29 a.m., 8 views

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

6.1 CVSS | 6.5 AI score | 0.00396 EPSS
Exploits 0 | References 1
CVE
added 2017/11/17 2:0 a.m., 48 views

CVE-2017-1000193

October CMS 412 is reported to be vulnerable to a stored XSS (WCI) via the brand logo image name, allowing injected JavaScript to execute in the victim’s browser. The root cause, as described in the connected materials, is a stored XSS flaw in the brand logo handling. The documents do not specify...

6.1 CVSS | 6.4 AI score | 0.00396 EPSS
Exploits 0 | References 1 | Affected Software 1
Veracode
added 2017/07/17 4:59 p.m., 14 views

Cross-site Scripting (XSS)

candy is vulnerable to cross-site scripting (XSS) attacks. Text sent by users is not sanitized in any way, allowing attackers to execute JavaScript code...

5.9 AI score
Exploits 0 | References 1 | Affected Software 1
CVE
added 2017/02/13 9:0 p.m., 45 views

CVE-2017-5157

CVE-2017-5157 affects Schneider Electric homeLYnk Controller (LSS100100) prior to v1.5.0. It is a cross-site scripting vulnerability where attacker-supplied input can execute JavaScript in a user’s browser. ICS-CERT advisory ICSA-17-019-01A notes CVSS v3.0 base score 6.3 and provides mitigations ...

6.1 CVSS | 5.9 AI score | 0.00206 EPSS
Exploits 0 | References 2 | Affected Software 1
Prion
added 2017/01/24 7:59 a.m., 12 views

Cross site scripting

Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution...

4.3 CVSS | 5.9 AI score | 0.06126 EPSS
Exploits 0 | References 3 | Affected Software 1
hackapp
added 2016/04/01 9:32 a.m., 5 views

BahnSharing - Gruppentickets - External URLs, WebView JavaScript enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application BahnSharing - Gruppentickets published at the 'play' market has multiple vulnerabilities...

0.9 AI score
Exploits 0 | References 1 | Affected Software 1
Tenable Nessus
added 2014/06/10 12:0 a.m., 32 views

Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)

Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553). An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...

4.3 CVSS | 7.3 AI score | 0.00226 EPSS
Exploits 2 | References 3
OSV
added 2014/04/24 7:11 p.m., 6 views

MGASA-2014-0194 Updated otrs packages fix multiple vulnerabilities

Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553). An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...

4.3 CVSS | 8.6 AI score | 0.00226 EPSS
Exploits 2 | References 6
seebug.org
added 2014/03/07 12:0 a.m., 16 views

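The ForzeArmate application security bypass arbitrary JavaScript code execution vulnerability

CVE ID: CVE-2014-1885. The ForzeArmate application is an Android-based application. When Adobe PhoneGap 2.9.0 or earlier is used, The ForzeArmate application has a security vulnerability that allows remote attackers who control any Google syndication advertising domain to execute arbitrary JavaScript code and access external storage resources. Affected: The ForzeArmate application for Android. No detailed solution is currently available:...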

6.4 CVSS | 0.1 AI score | 0.00703 EPSS
Exploits 1
exploitpack
added 2014/02/07 12:0 a.m., 35 views

CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting

CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting Exploit Title: CTERA Project Folders - Stored XSS Date: 11-Mar-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.ctera.com Version: 3.2.29.0 and 3.2.42.0 Tested on: ctera os CVE : CVE-2013-2639 OVERVIEW Standard Ctera User...

4.3 CVSS | 6.2 AI score | 0.00757 EPSS
Exploits 5
Packet Storm
added 2013/12/10 12:0 a.m., 48 views

LiveZilla 5.1.1.0 Cross Site Scripting

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7003 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.1.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

4.3 CVSS | 0.00256 EPSS
Exploits 2