5782 matches found
APSB20-56 Security update available for Adobe Experience Manager
Adobe has released updates for Adobe Experience Manager (AEM) and the AEM Forms add-on package. These updates resolve vulnerabilities rated Critical and Important. Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser...
Brave Software: Arbitrary file download due to bad handling of Redirects in WebTorrent
Summary: Previously I reported in 963155 how an attacker can trick a user into downloading malicious files using the "Save .torrent" feature. In this report I am going to reproduce the same behavior by abusing a different feature. Description: While I was testing WebTorrent on Brave I noticed that...
GHSA-25V4-MCX4-HH35 Cross-Site Scripting in atlasboard-atlassian-package
All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers being able t...
Cross-Site Scripting in takeapeek
All versions of takeapeek are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consider usin...
GHSA-V9WP-8R97-V6XG Cross-Site Scripting in jquery.json-viewer
Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting (XSS). The package insufficiently sanitizes user input when creating links, and concatenates the user input into an <a> tag. This allows attackers to create malicious links with JSON payloads such as: "foo":...
GHSA-G7MW-5CQ6-FV82 Cross-Site Scripting in wangeditor
All versions of wangeditor are vulnerable to Cross-Site Scripting (XSS). The package fails to properly encode output, allowing arbitrary JavaScript to be inserted in links and executed by browsers. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made...
GHSA-3QH4-R86R-GRVM Arbitrary JavaScript Execution in typed-function
Versions of typed-function prior to 0.10.6 are vulnerable to Arbitrary JavaScript Execution. Function names are not properly sanitized and may allow an attacker to execute arbitrary code. Recommendation: Upgrade to version 0.10.6 or later...
GHSA-49RV-G7W5-M8XX Cross-Site Scripting in @novnc/novnc
Versions of @novnc/novnc prior to 0.6.2 are vulnerable to Cross-Site Scripting (XSS). The package fails to validate input from the remote VNC server, such as the VNC server name. This allows an attacker in control of the remote server to execute arbitrary JavaScript in the noVNC web page. It affects...
CVE-2020-19007
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The JavaScript code supplied by the attacker will then execute in the victim user's browser...
Brave Software: Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS
Summary: An attacker can use the "Save .torrent file" option in WebTorrent to smuggle malicious files onto the client's machine. Description: Brave allows users to download the ".torrent" via WebTorrent. WebTorrent decides whether a file is a torrent or not based on the following headers...
Cross-site scripting vulnerability in TinyMCE
Impact: A cross-site scripting (XSS) vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE 4.9.10 or lower a...
BugPoC: XSS Challenge #2 Solution
Summary: An attacker can achieve arbitrary JavaScript execution in the context of the user's session on calc.buggywebsite.com. This is possible due to a weak origin check in the message event handler in http://calc.buggywebsite.com/frame.js as well as improper handling of the message data, allowi...
CVE-2020-15907 (Design/Logic Flaw)
In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript...
CVE-2020-13913
An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c,...
CVE-2020-15037
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the st parameter of the Reports-Devices.php page...
Engel & Völkers Technology GmbH: Reflected XSS in [redacted]
Summary: Your subdomain [redacted] suffers from a reflected XSS bug that leads to JavaScript execution in the browser. Steps To Reproduce: (add details for how we can reproduce the issue) 1. Visit: [redacted] 2. You will see a popup and the XSS is confirmed. Supporting Material/References: [redacted] Impact: An attacker c...
Cross-Site Scripting (XSS)
github.com/astaxie/beego/issues is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the Router Pattern...
WordPress Multiple Vulnerabilities (Jun 2020) - Windows
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wordpress:wordpress"; if(descripti...