4739 matches found

Prion
added 2020/05/13 7:15 p.m. | 12 views

Cross site scripting

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's...

CVSS 4.3 | AI score 6.1 | EPSS 0.00828
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/05/13 7:7 p.m. | 20 views

CVE-2020-2017 PAN-OS: DOM-Based cross site scripting vulnerability in management web interface

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's...

CVSS 8.8 | AI score 8.3 | EPSS 0.00828
Exploits: 0 | References: 1
Palo Alto Networks
added 2020/05/13 4:0 p.m. | 50 views

PAN-OS: DOM-Based cross site scripting vulnerability in management web interface

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's...

CVSS 8.8 | AI score 2.5 | EPSS 0.00828
Exploits: 0 | References: 1
OSV
added 2020/05/13 3:15 p.m. | 10 views

CVE-2020-8020

An Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb...

CVSS 6.1 | AI score 6.6
Exploits: 0 | References: 2
Malwarebytes
added 2020/05/06 3:15 p.m. | 43 views

Credit card skimmer masquerades as favicon

Malware authors are notorious for their deceptive attempts at staying one step ahead of defenders. As their schemes get exposed, they always need to go back to their bag of tricks to pull out a new one. When it comes to online credit card skimmers, we have already seen a number of evasion...

AI score 6.6
Exploits: 0
Drupal
added 2020/05/06 12:0 a.m. | 15 views

Webform - Moderately critical - Cross site scripting - SA-CONTRIB-2020-015

This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently sanitize Webform labels nor visibility conditions under the scenario of placing a block. When a webform block is placed and visible on a website any JavaScript code contained within the webform's label w...

AI score 6.5
Exploits: 0 | References: 7
Prion
added 2020/05/04 7:15 p.m. | 18 views

Design/Logic Flaw

RSA Archer, versions prior to 6.7 P1 6.7.0.1, contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code on the affected system...

CVSS 5.8 | AI score 6.5 | EPSS 0.00705
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2020/05/04 1:15 p.m. | 25 views

CVE-2019-17557

It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute JavaScript code from the URL query string...

CVSS 5.4 | AI score 5.6 | EPSS 0.0122
Exploits: 0 | References: 1
OSV
added 2020/05/04 1:15 p.m. | 25 views

CVE-2019-17557

It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute JavaScript code from the URL query string...

CVSS 5.4 | AI score 7.1
Exploits: 0 | References: 1
CVE
added 2020/05/04 12:27 p.m. | 77 views

CVE-2019-17557

CVE-2019-17557 describes a reflected XSS in the Apache Syncope EndUser UI login page, before versions 2.0.15 and 2.1.6, where the UI reflects the successMessage parameter in the URL query string, allowing an attacker to execute arbitrary JavaScript in a user’s browser. The issue is caused by insu...

CVSS 5.4 | AI score 5.5 | EPSS 0.0122
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2020/05/04 2:15 a.m. | 25 views

CVE-2020-12625

An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcubewashtml.php because JavaScript code can occur in the CDATA of an HTML message...

CVSS 6.1 | AI score 5.4 | EPSS 0.02782
Exploits: 1 | References: 7
RedhatCVE
added 2020/04/30 5:41 p.m. | 35 views

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

CVSS 6.1 | AI score 1.7 | EPSS 0.02288
Exploits: 0 | References: 3
Tenable Nessus
added 2020/04/30 12:0 a.m. | 25 views

IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in WebSphere Application Server using SIBMsgMigration Utility due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by embedding arbitrary JavaScript code in the Web UI thu...

CVSS 6.1 | AI score 6.9 | EPSS 0.01494
Exploits: 0 | References: 2
Prion
added 2020/04/24 1:15 p.m. | 19 views

Code injection

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

CVSS 4.3 | AI score 6.2 | EPSS 0.02288
Exploits: 0 | References: 11 | Affected Software: 6
Positive Technologies
added 2020/04/15 12:0 a.m. | 4 views

PT-2020-18418 · Rsa · Emc Rsa Authentication Manager

Name of the Vulnerable Software and Affected Versions: RSA Authentication Manager versions prior to 8.4 P11 Description: The issue concerns a stored cross-site scripting vulnerability in the Security Console of RSA Authentication Manager. A malicious administrator with advanced privileges could...

CVSS 4.8 | AI score 4.9 | EPSS 0.00644
Exploits: 0 | References: 3
Prion
added 2020/04/14 8:15 p.m. | 15 views

Cross site scripting

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting (XSS) vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject...

CVSS 4.3 | AI score 5.9 | EPSS 0.00645
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/04/14 7:50 p.m. | 32 views

CVE-2020-7575

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitra...

AI score 6 | EPSS 0.00645
Exploits: 0 | References: 1
Veracode
added 2020/04/10 1:9 a.m. | 25 views

Cross-Site Scripting (XSS)

Firefox / Thunderbird is vulnerable to cross-site scripting (XSS). A cross-site scripting (XSS) flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website...

CVSS 4.3 | AI score 1 | EPSS 0.0204
Exploits: 1 | References: 17 | Affected Software: 3
Veracode
added 2020/04/10 1:4 a.m. | 42 views

Cross-Site Scripting (XSS)

Thunderbird is vulnerable to cross-site scripting (XSS). A cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content...

CVSS 4.3 | AI score 1.3 | EPSS 0.01453
Exploits: 0 | References: 7 | Affected Software: 4
Cvelist
added 2020/04/08 2:5 p.m. | 21 views

CVE-2020-4252

IBM DOORS Next Generation DNG/RRC 6.0.2, 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4 | AI score 5.2 | EPSS 0.00673
Exploits: 0 | References: 2