CVE-2018-1000177

A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in...

Multiple vulnerabilities in Loxone Smart Home

Vendor & product description: "Loxone Electronics was founded in 2009. Our focus is the development and production of control solutions for all homes. Our aim is to make home automation interesting, affordable and accessible for everyone." URL: http://www.loxone.com/enus/company/about-us.html...

Frog CMS 0.9.5 - Persistent Cross-Site Scripting

Exploit Title: Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings Date: 2018-04-23 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version: 0.9.5 Tested on: php 5.6...

Frog CMS 0.9.5 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/philippe/FrogCMS Software Link:...

CVE-2018-7932

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the sma...

CVE-2018-1000162

Parsedown version prior to 1.7.0 contains a Cross Site Scripting XSS vulnerability in setMarkupEscaped for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST...

XYHCMS Cross-Site Scripting Vulnerability

XYHCMS is an open source content management system CMS. A cross-site scripting vulnerability exists in XYHCMS version 3.5. A remote attacker can exploit this vulnerability by sending the 'test' parameter to the index.php file to execute JavaScript code...

CVE-2018-1000154

Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page CWE-80 vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser...

See how I construct the DSPL language packs found in Google by stored XSS and SSRF vulnerability-vulnerability warning-the black bar safety net

! Master data will be able to rule the whole world – Softbank Masayoshi This article tells me through an elaborate Google dataset publishing language DSPL., at the request www. google. com environment, construct a storage-typeXSSvulnerabilities, in addition, the use of the DSPL remote data source...

CVE-2018-5799

In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATIONNAME= URI, aka SD-69139...

WordPress Duplicator Plugin Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Duplicator plugin version 1.2.32, which can be exploited by an...

Jupyter Notebook JavaScript Malicious Fake File Vulnerability

Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. A security vulnerability exists in Jupyter Notebook versions prior to 5.4.1. An attacker can exploit this vulnerability to execute JavaScript code in a notepad context with t...

Jolokia Agent Cross-Site Scripting Vulnerability

Jolokia is a use of JSON via Http to achieve JMX remote management of open source projects , it provides JMX batch operation , security policies , etc. Jolokia agent is one of the agent . Jolokia agent 1.3.7 version of the HTTP servlet has a cross-site scripting vulnerability . A remote attacker...

CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

Design/Logic Flaw

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

UBUNTU-CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

DEBIAN-CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

CVE-2018-8768

CVE-2018-8768 affects Jupyter Notebook up to version 5.4.1. A maliciously forged notebook can bypass sanitization, allowing JavaScript execution in the notebook context due to how invalid HTML is fixed by jQuery after sanitization (XSS risk). The issue is documented in multiple advisories (Debian...