Cross site scripting
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...
CVE-2019-14667
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...
CVE-2019-14669
CVE-2019-14669 affects Firefly III 4.7.17.3 and is a stored XSS vulnerability caused by lack of filtration of user-supplied data in the asset account name. The JavaScript executes when visiting the audit account statistics page. CVSS metrics indicate a CVSS 3.0 base score of 5.4 (Medium) with network ...
CVE-2019-14670
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation...
CVE-2019-14670
Firefly III 4.7.17.3 is reported vulnerable to stored XSS stemming from lack of filtration of user-supplied data in the bill name field. The JavaScript payload executes during rule-from-bill creation, indicating a stored XSS flaw. No explicit remediation or patch details are provided in the conne...
Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
Summary: Financial Transaction Manager for Digital Payments (FTM DP) for Multi-Platform has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality potentially leading...
CVE-2019-9140 Happypoint mobile application information disclosure vulnerability
When processing the Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions do not check the Deeplink URL correctly. This could lead to JavaScript code execution, URL redirection, and sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a...
Stored Cross-Site Scripting Vulnerability in Morphology Digital Lab Teaching Platform Frontend
The Morphology digital experimental teaching platform is a virtual reality system built on computer virtual reality and digital simulation technology, supported by a biosimulation engine, a processing factor database, a virtual environment interface and other technologies. Morphology digital...
Ultimate Loan Manager 2.0 Cross Site Scripting
Exploit Title: Web Studio Ultimate Loan Manager V2.0 - Persistent Cross Site Scripting. Exploit Author: Metin Yunus Kandemir kandemir. Vendor Homepage: http://www.webstudio.co.zw/ Software Link: https://codecanyon.net/item/ultimate-loan-manager/19891884 Version: V2.0. Category: Webapps. Software...
Ultimate Loan Manager 2.0 - Cross-Site Scripting Vulnerability
Exploit for multiple platforms in category web applications. Exploit Title: Web Studio Ultimate Loan Manager V2.0 - Persistent Cross Site Scripting. Exploit Author: Metin Yunus Kandemir kandemir. Vendor Homepage: http://www.webstudio.co.zw/ Software Link:...
Ultimate Loan Manager 2.0 - Cross-Site Scripting
Exploit Title: Web Studio Ultimate Loan Manager V2.0 - Persistent Cross Site Scripting. Exploit Author: Metin Yunus Kandemir kandemir. Vendor Homepage: http://www.webstudio.co.zw/ Software Link: https://codecanyon.net/item/ultimate-loan-manager/19891884 Version: V2.0. Category: Webapps. Software...
CVE-2019-5457
Cross-site scripting (XSS) vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...
Cross site scripting
EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user...
CVE-2019-14349
EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user...
CVE-2019-14329
An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...
CVE-2019-14331
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code...
Cross site scripting
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code...
Cross site scripting
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code...
Cross site scripting
An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...
CVE-2019-14330
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code...