SOPlanning Cross-Site Scripting Vulnerability (CNVD-2020-13153)

SOPlanning is an online planning tool for efficiently organizing projects and tasks. A cross-site scripting vulnerability exists in SOPlanning 1.45. The vulnerability can be exploited to execute javascript code via the "Your SoPlanning url" field...

SAS Visual Analytics Cross-Site Scripting Vulnerability

SAS Visual Analytics is data visualization software that helps build and design interactive Web dashboards. A cross-site scripting vulnerability exists in the graph generator in SAS Visual Analytics 8.5. An attacker can exploit this vulnerability to execute malicious Javascript in a user's browse...

CVE-2020-9339

SOPlanning 1.45 allows XSS via the Name or Comment to status.php. Recent assessments: horshark at March 09, 2020 8:38pm UTC reported: Recap Javascript execution. Where On the ip/www/status.php page, you can execute Javascript in the name and comment fields. Assessed Attacker Value: 2 Assessed...

CVE-2020-6798

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

CVE-2020-8514

CVE-2020-8514 concerns Rumpus 8.2.10 on macOS, where crafting a directory name can trigger a JavaScript payload in the web app after invoking the rename folder function, effectively a cross-site scripting issue in the web interface. The documents collectively indicate an XSS scenario in the Maxum...

Cross site scripting

An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site...

CVE-2020-7937

CVE-2020-7937 is an XSS vulnerability in the title field of Plone 5.0–5.2.1. The issue allows users with a certain privilege level to inject JavaScript that executes for other site visitors. The core vulnerability is in the title field handling, enabling stored or reflected XSS depending on conte...

PYSEC-2020-162

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...

Cross-Site Scripting

Overview All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers bei...

DEBIAN-CVE-2020-1766

Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior...

PT-2020-15043 · Otrs +2 · Otrs Community Edition +2

Name of the Vulnerable Software and Affected Versions: OTRS Community Edition versions 5.0.39 and prior versions OTRS Community Edition versions 6.0.24 and prior versions OTRS Community Edition versions 7.0.13 and prior versions Description: The issue arises from improper handling of uploaded...

UBUNTU-CVE-2019-17020

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security...

Automattic: Theme Assets uploader allows HTML content

The reporter submitted a report highlighting that specially formatted yet valid HTML files were able to be uploaded as theme assets. Even though we allow for JavaScript on our blog network, we don't allow HTML files to be uploaded here so that we can restrict JavaScript execution to the blog...

CVE-2019-18652

A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and...

CVE-2019-18652

A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and...

IBM Financial Transaction Manager for SWIFT Services Multiple Security Vulnerabilities

Description IBM Financial Transaction Manager for SWIFT Services is prone to the following security vulnerabilities: 1. A clickjacking vulnerability 2. A cross-site scripting vulnerability 3. An information-disclosure vulnerability 4. A cross-site request-forgery vulnerability An attacker can...

CVE-2019-8792

An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVE-2019-8792

An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

hostapd CVE-2019-5062 Denial of Service Vulnerability

Description hostapd is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Technologies Affected W1.F1 Hostapd 2.6 Recommendations Run all software as a nonprivileged user with minimal access rights. To reduce the impact of latent...

CVE-2019-18347

A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another possibly privileged user. Affected database fields include...