5782 matches found

UbuntuCve
added 2019/12/04 6:15 p.m. | 18 views

CVE-2019-18347

A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another possibly privileged user. Affected database fields include...

5.4 CVSS | 6 AI score | 0.0075 EPSS
Exploits 4 | References 4

Prion
added 2019/12/04 6:15 p.m. | 13 views

Cross site scripting

A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another possibly privileged user. Affected database fields include...

3.5 CVSS | 5.3 AI score | 0.0075 EPSS
Exploits 4 | References 10 | Affected Software 1

Cvelist
added 2019/12/04 5:22 p.m. | 12 views

CVE-2019-18347

A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another possibly privileged user. Affected database fields include...

6.8 AI score | 0.0075 EPSS
Exploits 4 | References 10

Symantec
added 2019/12/04 12:0 a.m. | 29 views

VMware Harbor Container Registry for PCF Multiple Security Vulnerabilities

Description: VMware Harbor Container Registry for PCF is prone to the following security vulnerabilities. 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A privilege-escalation vulnerability 4. A user-enumeration vulnerability Exploiting this issue...

0.3 AI score
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2019/12/02 12:0 a.m. | 2 views

TCL Communication Alcatel Cingular Flip 2 B9HUAH1 Injection Vulnerability

The TCL Communication Alcatel Cingular Flip 2 B9HUAH1 is a cell phone from TCL Communication TCL, a Chinese company. A security vulnerability exists in the TCL Communication Alcatel Cingular Flip 2 B9HUAH1, which stems from an undocumented Web API in the device that allows JavaScript code to be...

6.1 CVSS | 6.9 AI score | 0.00207 EPSS
Exploits 1 | References 1

NVD
added 2019/11/27 4:15 p.m. | 8 views

CVE-2019-19329

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

6.1 CVSS | 6.4 AI score | 0.00341 EPSS
Exploits 1 | References 4

Prion
added 2019/11/27 4:15 p.m. | 11 views

Design/Logic Flaw

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

4.3 CVSS | 6.4 AI score | 0.00341 EPSS
Exploits 1 | References 4 | Affected Software 1

CVE
added 2019/11/27 3:28 p.m. | 40 views

CVE-2019-19329

CVE-2019-19329 affects the Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT (2019-11-07). The vulnerability is a cross-site scripting (XSS) flaw where arbitrary JavaScript could execute when mathematical expressions in results are rendered directly. The underlying cause is inadequate h...

6.1 CVSS | 6.4 AI score | 0.00341 EPSS
Exploits 1 | References 4 | Affected Software 1

UbuntuCve
added 2019/11/26 3:15 p.m. | 14 views

CVE-2019-19206

Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...

5.4 CVSS | 6.3 AI score | 0.00603 EPSS
Exploits 0 | References 3

Symantec
added 2019/11/26 12:0 a.m. | 24 views

IBM Case Manager CVE-2019-4426 Cross Site Scripting Vulnerability

Description: IBM Case Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...

1.2 AI score | 0.0038 EPSS
Exploits 0 | Affected Software 1

CNVD
added 2019/11/20 12:0 a.m. | 1 views

IBM WebSphere eXtreme Scale Admin API Cross-Site Scripting Vulnerability

IBM WebSphere eXtreme Scale is a distributed caching solution from IBM in the United States. The product supports dynamic caching, partitioning, replication, and management of application data and business logic across multiple servers. Admin API is one of the management API Application Programmin...

5.4 CVSS | 6.7 AI score | 0.00174 EPSS
Exploits 0 | References 1

Symantec
added 2019/11/17 12:0 a.m. | 34 views

Apache Atlas CVE-2019-10070 HTML Injection Vulnerability

Description: Apache Atlas is prone to an HTML injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...

0.5 AI score | 0.0144 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2019/11/14 3:15 a.m. | 7 views

Design/Logic Flaw

SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration...

5 CVSS | 7.5 AI score | 0.00323 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2019/11/14 2:30 a.m. | 33 views

CVE-2019-18949

SnowHaze vulnerable to unintended JavaScript execution before 2.6.6 due to a delay in honoring per-site JavaScript blocking during a chain of webpage redirections. Affected: SnowHaze prior to 2.6.6. Root cause: failure to timely apply per-site JS blocking settings under redirection sequences. Imp...

7.5 CVSS | 7.5 AI score | 0.00323 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/11/14 2:30 a.m. | 11 views

CVE-2019-18949

SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration...

7.5 AI score | 0.00323 EPSS
Exploits 0 | References 1

Github Security Blog
added 2019/11/08 8:6 p.m. | 26 views

Cross-site Scripting in Grav

Grav through 1.6.15 allows Stored Cross-Site Scripting due to JavaScript execution in SVG images...

6.1 CVSS | 2 AI score | 0.00613 EPSS
Exploits 1 | References 3 | Affected Software 1

Prion
added 2019/11/06 3:15 p.m. | 13 views

Design/Logic Flaw

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via an SVG image and HTML file that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser...

3.5 CVSS | 5.4 AI score | 0.00338 EPSS
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2019/11/06 3:15 p.m. | 0 views

CVE-2019-13081

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the title field in the /common/ticketassociatedtickets.php service desk ticket functionality that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser...

5.4 CVSS | 5.9 AI score | 0.00338 EPSS
Exploits 0 | References 4

Apple
added 2019/11/05 5:54 a.m. | 24 views

About the security content of Shazam iOS App Version 12.11.0 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

8.8 CVSS | 2 AI score | 0.00471 EPSS
Exploits 0 | Affected Software 2

Symantec
added 2019/11/03 12:0 a.m. | 33 views

Redhat Quay CVE-2019-3865 HTML Injection Vulnerability

Description: Redhat Quay is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-bas...

6 AI score | 0.00345 EPSS
Exploits 0 | References 2 | Affected Software 1