4739 matches found
CVE-2019-10178
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...
Convincing Google Impersonation Opens Door to MiTM, Phishing
An attack that uses homographic characters to impersonate domain names and launch convincing but malicious websites takes minutes and a bare modicum of skill — while reaping high rates of success in luring victims, according to an independent researcher. Researcher Avi Lumelsky set out to see how...
CVE-2020-10544
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation...
Input validation
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation...
Security Bulletin: Content Collector for Email is affected by a cross-site scripting vulnerability in WebSphere Application Server Admin Console
Summary There is a potential denial of service in the Admin Console of WebSphere Application Server. Vulnerability Details CVEID: CVE-2019-4270 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users...
Cross site scripting
A vulnerability has been identified in Control Center Server (CCS) All versions V1.5.0. The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious...
CVE-2019-19294
A vulnerability has been identified in Control Center Server (CCS) All versions V1.5.0. The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious...
Cross site scripting
A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...
Cross site scripting
IBM Tivoli Netcool/OMNIbusGUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174907...
Security Bulletin: Cross-Site Scripting (XSS) vulnerability has been identified on Tool Prompt Configuration page of Tivoli Netcool/OMNIbus WebGUI (CVE-2020-4196)
Summary: Fix is available for a Cross-Site Scripting (XSS) vulnerability affecting the Tivoli Netcool/OMNIbus WebGUI Tool Prompt Configuration page (CVE-2020-4196). Vulnerability Details: CVEID: CVE-2020-4196 DESCRIPTION: IBM Tivoli Netcool/OMNIbusGUI is vulnerable to cross-site scripting. This...
Visma Public: Arbitrary File Upload to Stored XSS
An attacker is able to bypass the restrictions which limit user uploads to .PDF only. Utilizing this exploit by changing the content Beacon.html%00.pdf an attacker can upload malicious content to the web server and an included JavaScript code to gain Stored XSS...
Testimonial < 2.2 - Authenticated Stored Cross-Site Scripting (XSS)
A stored XSS vulnerability exists in version 2.1.6 of the plugin. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code into the plugin gallery image which is viewed by other users...
CVE-2020-9447
There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a...
Cross site scripting
There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a...
CVE-2020-9334
A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...
CVE-2020-9335
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...
Cross site scripting
A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...
Cross site scripting
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...