4739 matches found
Design/Logic Flaw
It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code that is executed in the context of the victim use...
Cross site scripting
A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be use...
CVE-2019-10049
It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code that is executed in the context of the victim use...
CVE-2019-10049
The CVE-2019-10049 entry concerns Pydio Core (versions up to 8.2.2) where a user with regular access can be manipulated into opening a shared file containing JavaScript that runs in the victim’s browser context, enabling leakage of sensitive data (e.g., session identifiers) and actions on behalf ...
CVE-2019-10047
CVE-2019-10047 is a stored XSS vulnerability in Pydio Core ≤ 8.2.2, exploitable via the file upload and file preview features of the web application. An authenticated attacker can upload an HTML file containing JavaScript and a subsequent file-preview URL can render that file, causing the script ...
Cross site scripting
IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2019-8346
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting XSS vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service passwor...
New Relic: CSTI at Plugin page leading to active stored XSS (Publisher name)
Hey team, I have discovered the CSTI vulnerability at NR single Plugin page leading to stored XSS. To plant the payload you need to publish new plugin using account having the payload inside its name. Below I show you the easiest way to reproduce this using a python script which creates the new...
Cross site scripting
IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
Adobe Acrobat Reader DC OCGs state change remote code execution vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.10.20069. This can lead to arbitrary code execution with careful memory manipulation. The victim would need to open the malicious file or...
CVE-2018-4065
An exploitable cross-site scripting vulnerability exists in the ACEManager pingresult.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the...
Cross-Site Scripting (XSS)
Red Hat Satellite 5 is vulnerable to cross-site scripting XSS attacks. A remote attacker is able to pass malicious input via the parameters in admin/BunchDetail.do; and software/packages/NameOverview.do; with the intention of executing arbitrary Javascript code on the victims browser...
Cross-Site Scripting (XSS)
Red Hat Satellite 5 is vulnerable to cross-site scripting XSS attacks. The list1680466951oldfilterval parameter is not properly sanitized, allowing a remote attacker to pass a malicious input to execute arbitrary Javascript code on the victims browser...
Arbitrary Code Execution
firefox/thunderbird is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary code via malicious Javascript code due to improper processing of data types in jsinfer.cpp...
CVE-2018-8035
This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC = 2.2.2 which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code...
CVE-2018-8035
This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC = 2.2.2 which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code...
Cross site scripting
IBM Jazz Reporting Service JRS 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2019-4033
IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999...
Cross site scripting
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2019-4073
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...