CVE-2019-9752

An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...

CVE-2019-9751

An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...

CVE-2019-9751

The CVE-2019-9751 vulnerability affects Open Ticket Request System (OTRS). Affects OTRS 6.x prior to version 6.0.17 and 7.x prior to 7.0.5. The issue arises from Kernel/Output/Template/Document.pm, where an admin-user can manipulate the URL to cause JavaScript execution in the OTRS context. Impac...

CICMS V2.1 18013 has xss vulnerability

CICMS system is developed by php+mysql, based on CodeIgniter, and is mainly used for enterprise building. CICMS V2.1 18013 has an xss vulnerability, which can be exploited by attackers to execute arbitrary JavaScript code...

PYSEC-2019-142

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

DEBIAN-CVE-2019-5780

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...

CVE-2019-5780

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...

UBUNTU-CVE-2019-5780

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...

chromium-browser: Insufficient policy enforcement

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...

Cross site scripting

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVE-2019-7343

Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorMethod' parameter value in the view monitor monitor.php because proper filtration is omitted...

CVE-2019-7341

Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorLinkedMonitors' parameter value in the view monitor monitor.php because proper filtration is omitted...

Cross site scripting

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...

MailEnable cross-site scripting vulnerability (CNVD-2019-27601)

MailEnable is a suite of POP3 and SMTP mail servers from MailEnable Australia. A cross-site scripting vulnerability exists in MailEnable versions prior to 8.60. An attacker can exploit this vulnerability to execute JavaScript code by sending an email...

Pornhub: XSS reflected on [https://www.youporn.com]

The researcher managed to obtain arbitrary javascript execution through reflected XSS on the Youtube World's RSS feed...

Remote code execution

Apache NetBeans incubating 9.0 NetBeans Proxy Auto-Configuration PAC interpretation is vulnerable for remote command execution RCE. Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent...

XSS vulnerability with unsafe link protocols

An XSS vulnerability CVE-2018-20583 has been identified in the following versions of this library: 0.15.6 0.15.7 0.16.0 0.17.0 0.17.1 0.17.2 0.17.3 0.17.4 0.17.5 0.18.0 It allows unsafe URLs to be added to links. The issue has been fixed in version 0.18.1. All users should upgrade to version 0.18...

MetInfo Cross-Site Scripting Vulnerability (CNVD-2019-03299)

MetInfo is a content management system CMS developed using PHP and Mysql by China Mito Information Technology Ltd. A cross-site scripting vulnerability exists in MetInfo versions 6.x to 6.1.3, which can be exploited by remote attackers to execute JavaScript code by sending the 'urlarray' paramete...

Veeam Explorer for Microsoft Exchange Javascript Execution Vulnerability

Challenge The vulnerability allows execution of arbitrary code in emails containing inline Javascript. NOTE: This has been corrected in Veeam Backup for MIcrosoft Office 365 version 3 and Veeam Backup & Replication version U4a. Cause The affected component is Veeam Explorer for Microsoft Exchange...

LimeSurvey cross-site scripting vulnerability (CNVD-2018-26471)

LimeSurvey formerly known as PHPSurveyor is a set of open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution and data collection. A cross-site scripting vulnerability exists in LimeSurvey. A remote attacker can...