CVE-2018-1422
IBM Jazz Foundation products IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
CVE-2018-1155
In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue...
Chaturbate: Internal loop going to infinite for cb.setTimeout(func, msecs) for broadcast app.
Hi There, I am not sure whether this is a vulnerability for @chaturbate or not, but in my view I thought it can be vulnerable and an attacker can use this vulnerability for exploitation on the @chaturbate website as a normal user, so finally I decided to report. As I was just playing with the Broadcast app...
Shopify: Admin bar: Incomplete message origin validation results in XSS
This issue is very similar to https://hackerone.com/reports/381192, identical logic in a different script. The JavaScript code at https://cdn.shopify.com/s/assets/storefront/bars/adminbarinjector-7461c2cab955bf9ef3df40acd10741df8c4e27c86d9dc323f65a4e786a1786f2.js loaded by the shop front when the...
GHSA-H95J-H2RV-QRG4 Django Cross-Site Request Forgery vulnerability
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...
Cross-Site Scripting (XSS)
statics-server is vulnerable to cross-site scripting (XSS). It is possible for an attacker to inject malicious iframe tags via the filename parameter and execute arbitrary JavaScript code. This is due to a lack of output encoding when statics-server displays the directory index...
Chrome Now Features Site Isolation to Defend Against Spectre
Google introduced new security mitigations for its Chrome browser to defend against recently discovered Spectre variants. The new security feature, called site isolation, essentially isolates different browser work processes between various browser tabs. That means one tab’s webpage rendering and...
CVE-2017-1791
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2018-1523
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
Cross site scripting
IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...
Adobe Acrobat Reader DC JSON Stringify Remote Code Execution Vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a use-after-free condition when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20038. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim...
Opening embedded SVG file in comment on customer portal makes JIRA run added JavaScript code
Summary: Opening an embedded SVG file in a comment on the customer portal makes JIRA run the added JavaScript code. Steps to Reproduce: Log in to the customer portal and create a new request. Attach a new SVG file which contains JavaScript code (filename: smiley-test.svg). After the...
Cross site scripting
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1428...
U.S. Dept Of Defense: █████ - DOM-based XSS
Greetings, I've discovered a DOM-based XSS at ███ Proof of concept: 1. Go to https://████/█████████/home/troubleshoot.html?lang=en 2. In the username field, add the following code: --button/autofocus/onfocus=Function"confirm1";//name="XSS 3. The JavaScript code is correctly executed: ██████ Impac...
Cross site scripting
There is a stored XSS vulnerability in the glance node module versions element, which allows execution of JavaScript code against any user who opens a directory listing containing such a crafted file name...
CVE-2018-3748
There is a stored XSS vulnerability in the glance node module versions element, which allows execution of JavaScript code against any user who opens a directory listing containing such a crafted file name...
CVE-2018-3748
The CVE concerns the Node.js module glance with a stored XSS vulnerability due to unsanitized file names served by its static directory. Connected sources show affected versions include glance
CVE-2017-1651
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...