CVE-2019-16366

In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst...

Cross site scripting

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS...

Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks

Facebook and YouTube profiles are at the heart of an ongoing phishing campaign spreading the Astaroth trojan, bent on the eventual exfiltration of sensitive information. The attack is sophisticated in that it uses normally trusted sources as cover for malicious activities – thus evading usually...

LimeSurvey 3.17.13 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored and reflected XSS vulnerabilities product: LimeSurvey vulnerable version: 3.17.14 CVE number: CVE-2019-16172, CVE-2019-16173 impact: medium homepage:...

CVE-2019-15954

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution RCE on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of...

CVE-2019-4149

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows user...

CVE-2019-5479

An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...

CVE-2019-6181

A reflected cross-site scripting XSS vulnerability was reported in Lenovo XClarity Administrator LXCA versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself...

Cross site scripting

A reflected cross-site scripting XSS vulnerability was reported in Lenovo XClarity Administrator LXCA versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself...

Cross site scripting

A stored cross-site scripting XSS vulnerability was reported in Lenovo XClarity Administrator LXCA versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not execute...

CVE-2019-6180

A stored cross-site scripting XSS vulnerability was reported in Lenovo XClarity Administrator LXCA versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not execute...

PT-2019-18008 · Lenovo · Lenovo Xclarity Administrator

Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Administrator versions prior to 2.5.0 Description: A stored cross-site scripting issue was reported that could allow an administrative user to store JavaScript code, which may then be executed in the user's web browser. The...

Opencart 3.x Cross Site Scripting

Exploit Title: Opencart 3.x.x Authenticated Stored XSS Date: 08/15/2019 Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on: Debian 9, Windows 10 x64 CVE :...

Opencart 3.x - Cross-Site Scripting

Opencart 3.x - Cross-Site Scripting Exploit Title: Opencart 3.x.x Authenticated Stored XSS Date: 08/15/2019 Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on:...

Opencart 3.x - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Opencart 3.x.x Authenticated Stored XSS Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on:...

Opencart 3.x - Cross-Site Scripting

Exploit Title: Opencart 3.x.x Authenticated Stored XSS Date: 08/15/2019 Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on: Debian 9, Windows 10 x64 CVE :...

CVE-2018-18370

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting XSS vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web...

Cross site scripting

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting XSS vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web...

Magecart Hackers Compromise 80 More eCommerce Sites to Steal Credit Cards

Cybersecurity researchers have discovered over 80 Magecart compromised e-commerce websites that were actively sending credit card information of online shoppers to the attackers-controlled servers. Operating their businesses in the United States, Canada, Europe, Latin America, and Asia, many of...

XSS and Information Disclosure Vulnerabilities in ASG and ProxySG

SUMMARY The Symantec ASG and ProxySG FTP proxy WebFTP mode is susceptible to XSS and information disclosure vulnerabilities. A remote attacker can inject malicious JavaScript code in the web listing of a remote FTP server and obtain authentication credentials for a remote FTP server. AFFECTED...