Cross-site Scripting (XSS)
markdown-it-prism is vulnerable to cross-site scripting (XSS). The library does not properly escape the langToUse variable, allowing a malicious user to inject and execute arbitrary JavaScript code...
CVE-2020-4615
IBM Data Risk Manager iDNA 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928...
CVE-2020-8339
A cross-site scripting inclusion XSSI vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module AMM web interface prior to version 3.68n BPET68N. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a...
Cross site scripting
A cross-site scripting inclusion XSSI vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module AMM web interface prior to version 3.68n BPET68N. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a...
Cross site scripting
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting XSS via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed...
Cross site scripting
MediaKind formerly Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker...
CVE-2020-21732
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting XSS. An attacker can add JavaScript code to the filename...
CVE-2020-21731
Gazie 7.29 is affected by: Cross Site Scripting XSS via http://192.168.100.7/gazie/modules/config/adminutente.php?username=amministratore&Update. An attacker can inject JavaScript code, and the web application stores the injected code...
Cross site scripting
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting XSS. An attacker can add JavaScript code to the filename...
Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4530
Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a cross-site scripting attack. This vulnerability only affects BPM and BAW profiles of type "Advanced". Vulnerability Details CVEID: CVE-2020-4530 DESCRIPTION: IBM Business Automation Workflow and IBM...
Spoofing
A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary JavaScript code on a target system. For the attack to be successful, the targeted user would...
IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2021-10828)
IBM WebSphere Application Server WAS is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM WebSphere...
CVE-2020-15788
A vulnerability has been identified in Polarion Subversion Webclient All versions. The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client e.g. by clickin...
Cross site scripting
A vulnerability has been identified in Polarion Subversion Webclient All versions. The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client e.g. by clickin...
CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface
A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...
CVE-2020-4516
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
Remote Code Execution in next
Versions of next prior to 5.1.0 are vulnerable to Remote Code Execution. The /path: route fails to properly sanitize input and passes it to a require call. This allows attackers to execute JavaScript code on the server. Note that prior version 0.9.9 package next npm package hosted a different...
CVE-2020-12058
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/orderstatus.php, catalog/admin/taxrates.php, catalog/admin/languages.php,...