5780 matches found
CVE-2018-13351
TerraMaster TOS 3.1.03 Control Panel contains a cross-site scripting vulnerability that allows attackers to execute JavaScript through the edit password form. The provided documents do not specify the vulnerable component version beyond 3.1.03, nor any patched remediation or available exploit det...
Cross site scripting
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "optionssysname" parameter...
CVE-2018-13334
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "optionssysname" parameter...
TOTOLINK A3002RU cross-site scripting vulnerability (CNVD-2018-24105)
TOTOLINK A3002RU is a wireless router product from Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the password.htm page in TOTOLINK A3002RU version 1.0.8. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code with the help of a username...
CVE-2018-13309
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...
Debian DLA-1592-1 : otrs2 security update
Two security vulnerabilities were discovered in OTRS, a Ticket Request System, that may lead to privilege escalation or arbitrary file write. CVE-2018-19141 An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS...
Valine HTML Injection
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
CVE-2018-19351
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
CVE-2018-19289
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
Design/Logic Flaw
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
CVE-2018-19289
Valine v1.3.3 is affected by CVE-2018-19289: HTML injection can be triggered via an EMBED element in conjunction with a .pdf file, enabling JavaScript execution. Connected sources (GHSA/OSV) corroborate HTML injection in Valine and mention the embed policy bypass. No remediation/version patch det...
CVE-2018-2485
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...
Information disclosure
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...
CVE-2018-2485
The CVE-2018-2485 entry relates to SAP Fiori Client where a malicious app can cause the SAP Fiori app to execute JavaScript, enabling reading/writing information and invoking device JS APIs. Connected documents indicate SAP Fiori Client version 1.11.5 in Google Play addresses these issues, and us...
CVE-2018-16474
CVE-2018-16474 concerns the Node.js module tianma-static. Concrete details show that all versions up to 1.0.4 are vulnerable to a stored XSS if an attacker can control the name of a file served by the module. Affected condition: filenames unsanitized, enabling arbitrary JavaScript execution when...
fat_free_crm gem XSS vulnerability via query parameter
FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in JavaScript execution. This attack appears to be exploitable via content with a JavaScript payload that will be executed on e...
F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2019-01909)
F5 BIG-IP is an all-in-one network device from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the Configuration utility page in F5 BIG-IP versions 13.0.0-13.1.1.1 and...