CVE-2020-9338
SOPlanning 1.45 allows XSS via the “Your SoPlanning url” field. Recent assessments: horshark at March 09, 2020 8:34pm UTC reported: Not a lot of information provided for this CVE. However, this is a javascript code execution in Your SoPlanning Url field which you can find in Global Settings leadi...
CVE-2020-9003
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...
Cross site scripting
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...
Modula Image Gallery < 2.2.5 - Authenticated Stored Cross-Site Scripting (XSS)
A stored XSS vulnerability exists in version 2.2.4 of the plugin. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code into the plugin gallery image which are viewed by other users...
Cross site scripting
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The...
CVE-2019-19757
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The...
Arbitrary Code Execution
htmlunit is vulnerable to arbitrary code execution. The application does not prevent Rhino's access to Java resources such as Java methods. This allows an attacker to execute arbitrary Java code on the system using malicious JavaScript code...
Metamorfo Returns with Keylogger Trick to Target Financial Firms
Researchers have discovered a recent spate of phishing emails spreading a new variant of Metamorfo, a financial malware known for targeting Brazilian companies. Now, however, it’s expanding its geographic range and adding a new technique. Metamorfo was first discovered in April 2018, in various...
CVE-2019-10178
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...
CVE-2020-1721
A flaw was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery ID during a key recovery request, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascri...
Security Bulletin: IBM Sterling B2B Integrator Is Vulnerable to Cross-site Scripting Due to the Vulnerability of 10x (CVE-2016-5892)
Summary IBM Sterling B2B Integrator is vulnerable to cross-site scripting due to the vulnerability of 10x. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality, potentially leading to credentials disclosure within a trusted...
Security Bulletin: IBM Sterling File Gateway is Vulnerable to Cross-site Scripting (CVE-2017-1632)
Summary IBM Sterling File Gateway is vulnerable to cross-site scripting Vulnerability Details CVEID: CVE-2017-1632 DESCRIPTION: IBM Sterling File Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the...
CVE-2020-1696
A flaw was found in the pki-core's Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a...
CVE-2020-8498
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users e.g., ones who have t...
Command injection
In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict...
CVE-2019-18588
CVE-2019-18588 is a Cross‑Site Scripting (XSS) vulnerability in Dell EMC Unisphere for PowerMax and PowerMax OS. Authenticated attackers could inject JavaScript to affect other authenticated sessions. Affected products: Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9 and prior to 9.0.2....
Cross site scripting
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924...
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS). The vulnerability exists as authenticated users can inject JavaScript code in the block editor that will be executed when it is rendered...