
4739 matches found

Cvelist
added 2020/07/27 12:48 p.m. · 23 views

CVE-2020-11110

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...

AI score: 5.3 · EPSS: 0.09619
Exploits: 0 · References: 2

Cvelist
added 2020/07/16 3:5 p.m. · 31 views

CVE-2019-4748

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174...

CVSS: 5.4 · AI score: 5.2 · EPSS: 0.00561
Exploits: 0 · References: 2

Packet Storm
added 2020/07/11 12:0 a.m. · 210 views

Impress CMS 1.4.0 Cross Site Scripting

Author: AppleBois Homepage: https://sourceforge.net/projects/impresscms/ Affected Version: 1.4.0 Stored XSS Allows an attacker to execute arbitrary HTML and JavaScript code Solution: Update to 1.4.1 More information : https://github.com/ImpressCMS/impresscms/issues/659 Payload = alert'AppleBois';...

AI score: 7.4
Exploits: 0

NVD
added 2020/07/09 2:15 a.m. · 31 views

CVE-2020-5604

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...

CVSS: 8.1 · EPSS: 0.01996
Exploits: 0 · References: 1

Japan Vulnerability Notes
added 2020/07/08 12:0 a.m. · 104 views

JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object

Android App "Mercari" Japan version provided by Mercari, Inc. contains a vulnerability which may allow arbitrary Java method execution (CWE-749) due to inadequate restrictions on addJavascriptInterface of the WebView class. Impact: An arbitrary method of a Java object may be executed by a remote attacker...

CVSS: 8.1 · AI score: 8.1 · EPSS: 0.01996
Exploits: 0

NVD
added 2020/07/07 4:15 p.m. · 11 views

CVE-2020-15030

NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter...

CVSS: 5.4 · EPSS: 0.00568
Exploits: 0 · References: 2

NVD
added 2020/07/07 4:15 p.m. · 20 views

CVE-2020-15033

NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter...

CVSS: 5.4 · EPSS: 0.00557
Exploits: 0 · References: 2

Prion
added 2020/07/07 4:15 p.m. · 12 views

Cross site scripting

NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter...

CVSS: 3.5 · AI score: 5.4 · EPSS: 0.00568
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2020/07/07 3:34 p.m. · 14 views

CVE-2020-15031

NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter...

AI score: 5.4 · EPSS: 0.00568
Exploits: 0 · References: 2

Prion
added 2020/07/07 3:15 p.m. · 18 views

Cross site scripting

NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter...

CVSS: 3.5 · AI score: 5.4 · EPSS: 0.00545
Exploits: 1 · References: 2 · Affected Software: 1

Prion
added 2020/07/01 2:15 a.m. · 17 views

Cross site scripting

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by pasting JavaScript code into the editor field...

CVSS: 4.3 · AI score: 6 · EPSS: 0.00732
Exploits: 0 · References: 1 · Affected Software: 2

CNVD
added 2020/06/30 12:0 a.m. · 6 views

MK-AUTH cross-site scripting vulnerability (CNVD-2021-17430)

MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. A cross-site scripting vulnerability exists in the admin and client scripts in MK-AUTH version 19.01, which can be exploited by an attacker to execute arbitrary JavaScript code...

CVSS: 6.1 · AI score: 6.6 · EPSS: 0.00685
Exploits: 0 · References: 1

NVD
added 2020/06/29 5:15 p.m. · 10 views

CVE-2020-14071

An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code...

CVSS: 6.1 · EPSS: 0.00685
Exploits: 0 · References: 2

Prion
added 2020/06/29 5:15 p.m. · 14 views

Code injection

An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code...

CVSS: 4.3 · AI score: 6.4 · EPSS: 0.00685
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2020/06/24 11:15 a.m. · 20 views

CVE-2020-15006

Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php...

CVSS: 5.4 · AI score: 5.6
Exploits: 0 · References: 1

NVD
added 2020/06/23 8:15 p.m. · 13 views

CVE-2020-14073

XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access...

CVSS: 5.4 · EPSS: 0.02857
Exploits: 3 · References: 4

OSV
added 2020/06/23 8:15 p.m. · 3 views

CVE-2020-14073

XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access...

CVSS: 5.4 · AI score: 5.8 · EPSS: 0.02857
Exploits: 3 · References: 4

Prion
added 2020/06/23 8:15 p.m. · 18 views

Cross site scripting

XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access...

CVSS: 3.5 · AI score: 5.1 · EPSS: 0.02857
Exploits: 3 · References: 4 · Affected Software: 1

Cvelist
added 2020/06/23 7:9 p.m. · 16 views

CVE-2020-14073

XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access...

AI score: 5.2 · EPSS: 0.02857
Exploits: 3 · References: 4

Positive Technologies
added 2020/06/23 12:0 a.m. · 4 views

PT-2020-13878 · Paessler · Prtg Network Monitor

Name of the Vulnerable Software and Affected Versions: PRTG Network Monitor version 20.1.56.1574 Description: The issue allows an attacker with Read/Write privileges to create a map and insert JavaScript code using the Map Designer Properties screen. This can be exploited against any user with Vi...

CVSS: 5.4 · AI score: 5.4 · EPSS: 0.02857
Exploits: 3 · References: 8