WSO2 API Manager Cross-Site Scripting Vulnerability
WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, Inc. A cross-site scripting vulnerability exists in WSO2 API Manager version 3.1.0 and earlier versions, which originates from the failure to filter user input in the owner POST parameter of the administration interface ...
Cross-Site Scripting (XSS)
scratch-svg-renderer is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript via an SVG document due to the lack of escaping in the transformMeasurements function...
CVE-2020-7747 Cross-site Scripting (XSS)
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller...
HUAWEI Mate 20 JavaScript Injection Vulnerability
Huawei Mate 20 is a smartphone from the Chinese company Huawei. An injection vulnerability exists in versions of HUAWEI Mate 20 earlier than 10.1.0.163 C00E160R3P8, which stems from a module that does not perform input checks on specific inputs. An attacker can exploit this vulnerability...
CVE-2020-9092
HUAWEI Mate 20 versions earlier than 10.1.0.163C00E160R3P8 have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass the filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module...
CVE-2020-9092
CVE-2020-9092 affects Huawei Mate 20 devices running versions earlier than 10.1.0.163 (C00E160R3P8). The issue is a JavaScript injection vulnerability where a module does not verify specific input, allowing attackers to bypass the filter mechanism and inject JavaScript, potentially compromising t...
CVE-2019-13633
Blinger.io v1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can inject arbitrary JavaScript through built-in communication channels (Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, Odnoklassniki), with exploitation impacting the admin-conversation panels: /conversations/all, /c...
Design/Logic Flaw
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. A remote attacker can use the discovered vulnerability to inject a malicious JavaScript payload into victims' browsers in the context of the vulnerable application. Executed code can be used to steal administrator’s cookies, influence HTML content of...
Exploit for Cross-site Scripting in Olimpoks Olimpok
CVE-2020-16270 Suggested description: OLIMPOKS under 3...
CVE-2020-6319
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal...
CVE-2020-14184
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1...
CVE-2020-26574
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a...
CVE-2020-26574
Leostream Connection Broker 8.2.x is affected by a stored XSS via the webquery.pl User-Agent header. An unauthenticated attacker can inject JavaScript that is rendered when admins log in, potentially forcing the admin to upload a malicious Perl script that could be executed as root through libMis...
PT-2020-16465 · Leostream · Leostream Connection Broker
Name of the Vulnerable Software and Affected Versions: Leostream Connection Broker versions 8.2.x Description: The issue allows an unauthenticated attacker to inject arbitrary JavaScript code via the User-Agent HTTP header in the webquery.pl file. This code is rendered by administrators the next...
CVE-2019-20920
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
Observium cross-site scripting vulnerability (CNVD-2020-62446)
Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject and store malicious JavaScript code via...
Observium cross-site scripting vulnerability (CNVD-2020-54787)
Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a cross-site scripting vulnerability. The vulnerability can be exploited by an attacker to inject and store malicious JavaScript...
Anchor CMS Stored Cross-Site Scripting Vulnerability
Anchor CMS is a content management system. Anchor CMS has a stored cross-site scripting vulnerability. An attacker can insert malicious JavaScript code into a page to obtain user cookies and other information, leading to user hijacking...