205 matches found
CVE-2020-4663
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4557
Summary: IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a cross-site scripting attack. Vulnerability Details: CVEID: CVE-2020-4557. DESCRIPTION: IBM Business Automation Workflow and IBM Business Process Manager are vulnerable to cross-site scripting. This...
CVE-2020-4525
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
PT-2020-13878 · Paessler · Prtg Network Monitor
Name of the Vulnerable Software and Affected Versions: PRTG Network Monitor version 20.1.56.1574 Description: The issue allows an attacker with Read/Write privileges to create a map and insert JavaScript code using the Map Designer Properties screen. This can be exploited against any user with Vi...
Code injection
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0723...
CVE-2018-1795
The CVE-2018-1795 entry concerns IBM Robotic Process Automation with Automation Anywhere Enterprise 10 (V10.0), where a cross-site scripting vulnerability exists in the Web UI that can allow injection of arbitrary JavaScript code and potentially lead to credentials disclosure within a trusted ses...
CVE-2018-11486
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...
Dolibarr 7.0.0 Cross Site Scripting
CVE-2018-10095 Dolibarr XSS Injection vulnerability. Description: Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages, e.g. a .deb package. Threat: The application does not handle user input properly, allowing...
Code injection
Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert argument in JavaScript code, because window dialogs are mishandled...
CVE-2017-1767
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152...
CVE-2016-8946
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 11883...
Design/Logic Flaw
An issue was discovered in Contiki Operating System 3.0. A persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...
CVE-2016-5880
CVE-2016-5880 is an IBM iNotes (and Domino) cross-site scripting vulnerability described as allowing arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Public sources (NVD/CNVD/PRION and Nessus reference) attribute the issue to improper inp...
Xerosploit - Efficient And Advanced Man In The Middle Framework
Xerosploit is a penetration testing toolkit whose goal is to perform man-in-the-middle attacks for testing purposes. It brings various modules that allow efficient attacks to be carried out, and also supports denial of service attacks and port scanning. Powered by bettercap and nmap...
Design/Logic Flaw
The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00AADY.4C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginM...
osCmax e-Commerce v2.5.3 (FU/ObjectInject) Multiple Vulnerabilities
osCmax e-Commerce v2.5.3 suffers from multiple vulnerabilities: a remote attacker can upload a file/shell via header attacks, or execute JavaScript code and inject a remote object. See also: CVE-2013-4144...
Advisory: Dolphin Browser HD Cross-Application Scripting
1 Background: Android applications are executed in a sandbox environment, to ensure that no application can access sensitive information held by another, without adequate privileges. For example, the Dolphin browser application holds sensitive information such as cookies, cache and...
Apple Safari Multiple Vulnerabilities
The host is running Apple Safari web browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test. $Id: secpodapplesafarimultvulnjune09.nasl 5055 2017-01-20 14:08:39Z teissa $. Apple Safari Multiple Vulnerabilities. Authors: Sujit Ghosal. Copyright: Copyright (c) 2009 SecPod,...
Apple Safari Multiple Vulnerabilities
Apple Safari web browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apple:safari";...