
4739 matches found

Prion
added 2020/09/03 2:15 p.m. | 19 views

Cross site scripting

Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/orderstatus.php, catalog/admin/taxrates.php, catalog/admin/languages.php,...

CVSS 4.3 | AI score 6.4 | EPSS 0.00952
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2020/09/03 1:9 p.m. | 15 views

CVE-2020-12058

Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/orderstatus.php, catalog/admin/taxrates.php, catalog/admin/languages.php,...

AI score 6.4 | EPSS 0.00952
Exploits: 0 | References: 3
Veracode
added 2020/09/03 6:29 a.m. | 31 views

Cross-Site Scripting (XSS)

net/http/cgi and net/http/fcgi in github.com/golang/go is vulnerable to cross-site scripting XSS. The vulnerability exists due to having a default Content-Type header value of text/html in the server response when no Content-Type header exists in a request. This allows an attacker to execute...

CVSS 6.1 | AI score 1.3 | EPSS 0.03646
Exploits: 2 | References: 14 | Affected Software: 9
The Hacker News
added 2020/09/02 8:54 a.m. | 29 views

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send...

AI score 0.4
Exploits: 0
OSV
added 2020/09/01 5:15 p.m. | 35 views

CVE-2020-23839

A Reflected Cross-Site Scripting XSS vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the logi...

CVSS 6.1 | AI score 6 | EPSS 0.10459
Exploits: 5 | References: 4
Prion
added 2020/09/01 5:15 p.m. | 20 views

Cross site scripting

A Reflected Cross-Site Scripting XSS vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the logi...

CVSS 4.3 | AI score 6 | EPSS 0.10459
Exploits: 5 | References: 4 | Affected Software: 1
Cvelist
added 2020/09/01 4:40 p.m. | 46 views

CVE-2020-23839

A Reflected Cross-Site Scripting XSS vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the logi...

AI score 6 | EPSS 0.10459
Exploits: 5 | References: 4
NVD
added 2020/08/26 2:15 p.m. | 18 views

CVE-2020-19007

Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser...

CVSS 5.4 | AI score 5.6 | EPSS 0.00499
Exploits: 1 | References: 1
Prion
added 2020/08/26 2:15 p.m. | 16 views

Hardcoded credentials

Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser...

CVSS 3.5 | AI score 5.7 | EPSS 0.00499
Exploits: 1 | References: 1 | Affected Software: 1
WPVulnDB
added 2020/08/20 12:0 a.m. | 23 views

WP Customer Reviews < 3.4.3 - Multiple Unauthenticated and Low Priv Authenticated Stored XSS

Multiple stored cross-site scripting vulnerabilities in WP Customer Reviews 3.4.2 and lower allow remote attackers to inject arbitrary JavaScript code or HTML. PoC If WP Customer Reviews is enabled on a page, an unauthenticated attacker can exploit XSS via review form's parameters: - Reviewer Nam...

AI score 1.3 | EPSS 0.01085
Exploits: 2 | Affected Software: 1
Hacker One
added 2020/08/18 6:43 p.m. | 12 views

Acronis: CSRF and XSS on www.acronis.com

Vulnerability description not provided...

AI score 7.1
Exploits: 0
NVD
added 2020/08/10 1:15 p.m. | 18 views

CVE-2020-4533

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...

CVSS 6.1 | AI score 5.9 | EPSS 0.0073
Exploits: 0 | References: 2
Cvelist
added 2020/08/10 12:35 p.m. | 19 views

CVE-2020-4541

IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183039...

CVSS 6.1 | AI score 5.8 | EPSS 0.0073
Exploits: 0 | References: 2
CVE
added 2020/08/10 12:35 p.m. | 39 views

CVE-2020-4539

CVE-2020-4539 affects IBM Jazz Reporting Service (JRS) versions 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1. The issue is a cross-site scripting vulnerability that allows an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 6.1 | AI score 5.9 | EPSS 0.0073
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2020/08/04 4:15 p.m. | 18 views

CVE-2020-4525

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561
Exploits: 0 | References: 2
Prion
added 2020/08/04 4:15 p.m. | 15 views

Cross site scripting

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

CVSS 3.5 | AI score 5.2 | EPSS 0.00561
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/08/04 4:0 p.m. | 19 views

CVE-2020-4525

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561
Exploits: 0 | References: 2
The Hacker News
added 2020/07/31 9:39 a.m. | 59 views

New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks

Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server. Remote timing attacks that work over a network connection are predominantly affected by...

AI score 7.3
Exploits: 0
Prion
added 2020/07/28 3:15 p.m. | 17 views

Cross site scripting

An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c,...

CVSS 4.3 | AI score 6.2 | EPSS 0.01307
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2020/07/28 2:46 p.m. | 48 views

CVE-2020-13913

CVE-2020-13913 is an XSS in the emfd component of Ruckus Wireless Unleashed firmware up to 200.7.10.102.92. An unauthenticated crafted HTTP request can cause JavaScript execution, affecting numerous devices (C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300,...

CVSS 6.1 | AI score 6.2 | EPSS 0.01307
Exploits: 0 | References: 1 | Affected Software: 1