4739 matches found
CVE-2020-29029
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4...
CVE-2020-29028 Reflected XSS issues
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4...
CVE-2021-27907
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing a chart's related information. Abusing this functionality, a malicious user could inject JavaScript code that executes unwanted actions in the context of the user's browser. The...
Cross site scripting
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing a chart's related information. Abusing this functionality, a malicious user could inject JavaScript code that executes unwanted actions in the context of the user's browser. The...
CVE-2021-27907 Apache Superset stored XSS on Dashboard markdown
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing a chart's related information. Abusing this functionality, a malicious user could inject JavaScript code that executes unwanted actions in the context of the user's browser. The...
IBM Engineering Test Management Cross-Site Scripting Vulnerability (CNVD-2021-14749)
IBM Engineering Test Management is a collaborative quality management solution that provides end-to-end test planning and test asset management with broad coverage from requirements to defects. A cross-site scripting vulnerability exists in IBM Engineering Test Management. An attacker could explo...
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-14750)
IBM Engineering Workflow Management (EWM) is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...
Cross site scripting
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435...
CVE-2021-20351
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708...
CVE-2020-4975
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435...
IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-14787)
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that can be exploited by an attacker to embed arbitrary JavaScript code in t...
IBM Engineering Requirements Management DOORS Next Cross-Site Scripting Vulnerability (CNVD-2021-32648)
IBM Engineering Requirements Management DOORS Next is a scalable solution from International Business Machines Corporation (IBM). The solution helps you capture, track, analyze and manage systems and advanced IT application development. IBM Engineering Requirements Management DOORS Next suffers fro...
The mystery of the Silver Sparrow Mac malware
Cyber security company Red Canary published findings last week about a new piece of Mac malware called Silver Sparrow. This malware is notable in being one of the first to include native code for Apple's new M1 chips, but what is unknown about this malware is actually more interesting than what is...
Monica 2.19.1 - (last_name) Stored XSS Vulnerability
Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host: 192.168.99.162...
Cross site request forgery (csrf)
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via an XSS payload for the first parameter in a GET request...
CVE-2020-19762
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via an XSS payload for the first parameter in a GET request...
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1346)
The remote host is missing an update for the Huawei EulerOS...
IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2021-11047)
IBM Jazz Reporting Service helps you quickly and easily integrate data from a variety of data sources across your tools and projects, and provides a set of ready-to-use reports for sharing information about your lifecycle management projects. A cross-site scripting vulnerability exists in IBM Jaz...
IBM Maximo for Civil Infrastructure Cross-Site Scripting Vulnerability
IBM Maximo for Civil Infrastructure integrates inspection, defect tracking and maintenance activities to help organizations improve asset life, keep critical systems up and running and reduce the total cost of ownership of civil infrastructure. A cross-site scripting vulnerability exists in IBM...