4739 matches found
Cross site scripting
IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2021-29810
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2021-20484
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Cross-Site Scripting Vulnerability (CNVD-2021-101977)
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbus_GUI is a graphical...
Cross site scripting
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2021-29819
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2021-39307
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code...
About the security content of iTunes U 3.8.3
About the security content of iTunes U 3.8.3 This document describes the security content of iTunes U 3.8.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
Judge.me : Blind XSS via Feedback form.
Summary: Hi Team, I found Blind XSS which is triggered on the admin panel. I was trying to add widgets on the installation page for default theme. When the installation was done, I saw a question like that Are you happy with how everything looks?. I clicked the No, please remove all widgets butto...
Cross-site Scripting (XSS) - Stored in alanaktion/phproject
✍️ Description Stored XSS via SVG file upload 🕵️♂️ Proof of Concept Here I use the demo site https://demo.phproject.org . 1. First go to any project and upload an SVG file https://github.com/ranjit-git/poc/blob/master/evilsvgfile.svg . 2. Now open this SVG file using url like...
GHSA-JF9V-Q8VH-3FMC Cross-site scripting in ICEcoder
In ICEcoder 8.0, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET 'replace' variable. As a result, arbitrary JavaScript code can get executed...
Cross-site Scripting in LibreNMS
In LibreNMS description variable. As a result, arbitrary Javascript code can get executed...
Arbitrary File Upload
Overview: Plupload is a JavaScript API for building file uploaders. It supports multiple file selection, file filtering, chunked upload, client-side image downsizing and, when necessary, can fall back to alternative runtimes, like Flash and Silverlight. Affected versions of this package a...
LibreNMS Cross-Site Scripting Vulnerability (CNVD-2021-93896)
LibreNMS is a PHP/MySQL/SNMP-based open source monitoring tool. A stored cross-site scripting vulnerability exists in API access pages in versions of LibreNMS prior to 21.3.0. The vulnerability stems from insufficient validation of the $api-description variable. An attacker could use this...
Cross site scripting
In LibreNMS description variable. As a result, arbitrary Javascript code can get executed...
CVE-2021-31274
In LibreNMS description variable. As a result, arbitrary Javascript code can get executed...
WordPress plugin Picture Gallery 'Edit Content URL' cross-site scripting vulnerability
WordPress is a blogging platform based on the PHP language that can be used to host websites on servers that support PHP and MySQL databases, and can also be used as a content management system (CMS). WordPress plugin Picture Gallery 'Edit Content URL' has a cross-site scripting vulnerability that...
Protect
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiOS may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's browser context...
Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver
✍️ Description XSS payload is triggered during editing and saving text included near the payment button. 🕵️♂️ Proof of Concept " In the app settings, try editing an already included product. Drop the payload in the Buy Button Text and save it, hence the payload will be triggered. 💥 Impact Execution of...
CVE-2021-23439
This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file)...