5002 matches found
CVE-2020-25146
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code within it. This can occur via laid to the /syslogrules URI for editsyslogrule...
CVE-2020-25139
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code within it. This can occur via laid to the /syslogrules URI for deletesyslogrule,...
CVE-2020-25137
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code within it. This can occur via the alertname or alertmessage parameter to the...
Cross site scripting
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8...
CVE-2020-15161
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8, an attacker is able to inject JavaScript while using the contact form. The problem is fixed in 1.7.6.8...
CVE-2020-15161
Summary: CVE-2020-15161 affects PrestaShop. Versions from 1.6.0.4 and before 1.7.6.8 allow an attacker to inject JavaScript via the contact form, due to improper handling of externally entered data during code snippet construction. The issue is addressed in version 1.7.6.8. Impact & context (per...
jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method
A Cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to cross-site scripting (XSS) attacks. The vulnerability is possible because it does not sanitize the news item title link in NewsPanel.js, allowing a remote attacker to inject arbitrary JavaScript through the news panel when rendering RSS links...
Cross-Site Scripting (XSS)
vanilla/nbbc is vulnerable to cross-site scripting (XSS) attacks. An attacker is able to inject and execute arbitrary JavaScript code via the page field due to insufficient sanitization of the input string...
Cross-Site Scripting (XSS)
prestashop/contactform is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the message field...
CVE-2020-15178
In PrestaShop contactform module prestashop/contactform before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The message field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser...
CVE-2020-15178
CVE-2020-15178 affects the PrestaShop contactform module (prestashop/contactform) prior to version 4.3.0. The vulnerability arises from incorrect unescaping of the message field in the contact form, enabling an attacker to inject and execute arbitrary JavaScript in a victim’s browser (XSS). Multi...
Cross-Site Scripting (XSS)
flsaba is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the file and directory name when creating a listing directory page...
vtenext cross-site scripting vulnerability
vtenext is a unique open source CRM + BPM solution for comprehensive management of leads, contacts and customers. A cross-site scripting vulnerability exists in the Messaging module of vtenext version 19 CE. The vulnerability can be exploited to inject arbitrary JavaScript code via the "From" fie...
CVE-2019-14760
An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker to take control over the Recorder application's...
CVE-2019-14761
An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. At a bare minimum, this allows an attacker to take control over the Note application's UI e.g.,...
CVE-2019-14759
An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio...
CVE-2019-14757
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application assuming the victim chooses to import the file. At a...