4739 matches found
CVE-2019-1010091
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab...
Input validation
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab...
CVE-2019-1010091
Removed by vendor...
CVE-2019-1010091
CVE-2019-1010091 affects TinyMCE 4.7.11/4.7.12 (Media element). The root cause is improper input neutralization (CWE-79) in the media element, enabling JavaScript execution when a user pastes malicious content into the media element embed tab. Impact is client-side code execution with low attack ...
Cross site scripting
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159131...
Cross-Site Scripting in @nuxt/devalue
Versions of @nuxt/devalue prior to 1.2.3 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization attacker may inject arbitrary JavaScript code through object keys. Recommendation Upgrade to version 1.2.3 or later...
CVE-2019-1010008
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting XSS. The impact is: Theoretically low, but might potentially enable persistent XSS user could embed mal. code. The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "M...
CVE-2019-1010008
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting XSS. The impact is: Theoretically low, but might potentially enable persistent XSS user could embed mal. code. The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "M...
Cross site scripting
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting XSS. The impact is: Theoretically low, but might potentially enable persistent XSS user could embed mal. code. The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "M...
Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks
Security researchers at Microsoft have released details of a new widespread campaign distributing an infamous piece of fileless malware that was primarily being found targeting European and Brazilian users earlier this year. Dubbed Astaroth, the malware trojan has been making the rounds since at...
Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
The prevailing perception about fileless threats, among the security industry’s biggest areas of concern today, is that security solutions are helpless against these supposedly invincible threats. Because fileless attacks run the payload directly in memory or leverage legitimate system tools to r...
PowerPanel Business Edition - Cross-Site Scripting Vulnerability
Exploit for linux platform in category web applications Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Software Link:...
CVE-2019-1578
Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser...
Cross site scripting
Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser...
CVE-2019-1578
Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser...
PowerPanel Business Edition - Cross-Site Scripting
PowerPanel Business Edition - Cross-Site Scripting Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Version: 3.4.0 Tested on: Ubuntu 16.04 CVE...
PowerPanel Business Edition - Cross-Site Scripting
Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Version: 3.4.0 Tested on: Ubuntu 16.04 CVE : Pending CyberPower PowerPanel Business Edition...
CVE-2019-13072
Stored XSS in the Filters page Name field in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page...
CVE-2019-13072
Stored XSS in the Filters page Name field in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page...
CVE-2019-13072
Stored XSS in the Filters page Name field in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page...