
5003 matches found

Tenable Nessus
added 2020/06/25 12:0 a.m., 16 views

Fedora 31 : php-horde-horde (2020-01d7b8b690)

horde 5.2.23 - mjr SECURITY: Fix JavaScript injection vulnerability in mobile login page. - mjr Fix broken cloud search in portal block. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

5.5 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2020/06/24 12:0 a.m., 16 views

Fedora 32 : php-horde-horde (2020-a41fda3b4c)

horde 5.2.23 - mjr SECURITY: Fix JavaScript injection vulnerability in mobile login page. - mjr Fix broken cloud search in portal block. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

5.5 AI score
Exploits: 0, References: 1

CNVD
added 2020/06/23 12:0 a.m., 1 view

IBM Security Secret Server Cross-Site Scripting Vulnerability

IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. A cross-site scripting vulnerability exists in IBM Security Secret Server a...

6.1 CVSS, 6.5 AI score, 0.00188 EPSS
Exploits: 0, References: 1

CNVD
added 2020/06/19 12:0 a.m., 1 view

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2020-36391)

IBM Rational DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...

5.4 CVSS, 6.3 AI score, 0.00179 EPSS
Exploits: 0, References: 1

CNVD
added 2020/06/18 12:0 a.m., 5 views

Agentejo Cockpit cross-site scripting vulnerability (CNVD-2021-24260)

Agentejo Cockpit is a self-hosted "headless" and api-driven lightweight, open source content management system. Agentejo Cockpit 0.10.2 suffers from a reflected cross-site scripting vulnerability. The vulnerability stems from insufficient validation of the to parameter in the /auth/login route. A...

6.1 CVSS, 6.1 AI score, 0.01596 EPSS
Exploits: 1, References: 1

Veracode
added 2020/06/16 4:20 a.m., 15 views

Cross-Site Scripting (XSS)

kumbia/framework is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the PATHINFO in the public/pages/kumbia module...

5.4 CVSS, 4.3 AI score, 0.00281 EPSS
Exploits: 1, References: 2, Affected Software: 1

Atlassian
added 2020/06/16 2:46 a.m., 28 views

XSS in WYSIWYG editor via pasted code - CVE-2020-14164

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the WYSIWYG editor. The affected versions are before 8.5.9, and from version 8.6.0 before 8.8.2. Affected versions: version...

6.1 CVSS, 4.8 AI score, 0.00303 EPSS
Exploits: 0

CNVD
added 2020/06/15 12:0 a.m., 8 views

WordPress has unspecified vulnerabilities (CNVD-2021-24379)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress, which can be exploited by attackers to inject JavaScript code to...

6.8 CVSS, 7 AI score, 0.05566 EPSS
Exploits: 0, References: 1

OSV
added 2020/06/12 4:15 p.m., 19 views

CVE-2020-4047

In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has...

6.8 CVSS, 6.3 AI score
Exploits: 0, References: 8

OSV
added 2020/06/12 4:15 p.m., 1 view

UBUNTU-CVE-2020-4047

In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has...

6.8 CVSS, 6.7 AI score, 0.05566 EPSS
Exploits: 0, References: 6

CVE
added 2020/06/12 4:0 p.m., 139 views

CVE-2020-4047

CVE-2020-4047 is an authenticated XSS vulnerability in WordPress. According to the provided sources, in affected WordPress versions, users with upload permissions (e.g., authors) can inject JavaScript into certain media attachment pages, enabling script execution in the context of a higher-privil...

6.8 CVSS, 6.6 AI score, 0.05566 EPSS
Exploits: 0, References: 8, Affected Software: 1

Debian CVE
added 2020/06/12 4:0 p.m., 31 views

CVE-2020-4047

In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has...

6.8 CVSS, 6.8 AI score, 0.05566 EPSS
Exploits: 0

Positive Technologies
added 2020/06/12 12:0 a.m., 2 views

PT-2020-3638 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.2 WordPress versions 5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34 Description: The issue is related to the injection of...

9.8 CVSS, 5.4 AI score, 0.06854 EPSS
Exploits: 0, References: 41

RedHat Linux
added 2020/06/11 9:11 a.m., 7 views

cxf: reflected XSS in the services listing page

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting XSS attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploit...

6.1 CVSS, 7.2 AI score, 0.13981 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/06/11 7:9 a.m., 3 views

cxf: reflected XSS in the services listing page

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting XSS attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploit...

6.1 CVSS, 7.2 AI score, 0.13981 EPSS
Exploits: 0, References: 4

CNVD
added 2020/06/11 12:0 a.m., 3 views

IBM Workload Scheduler Cross-Site Scripting Vulnerability

IBM Workload Scheduler is a suite of enterprise task scheduling software from IBM in the United States. The software automates the control of workloads. A cross-site scripting vulnerability exists in IBM Workload Scheduler 9.3.0.4 and earlier versions. An attacker can exploit this vulnerability t...

5.4 CVSS, 6.3 AI score, 0.00179 EPSS
Exploits: 0, References: 1

Microsoft KB
added 2020/06/09 7:0 a.m., 32 views

Prevent JavaScript injection in Operations Manager 2016 web console

Prevent JavaScript injection in Operations Manager 2016 web console Problem description Missing input validation and output encoding allows JavaScript injection, leading to Reflected Cross Site Scripting XSS. Reflected Cross Site Scripting may be used to inject arbitrary JavaScript to the Microso...

5.4 CVSS, 6 AI score, 0.0038 EPSS
Exploits: 0

CNVD
added 2020/06/03 12:0 a.m., 0 views

IBM Planning Analytics Cross-Site Scripting Vulnerability (CNVD-2020-32654)

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A cross-site scripting vulnerability exists in IBM Planning Analytics. An attacker can exploit thi...

6.1 CVSS, 6.5 AI score, 0.00329 EPSS
Exploits: 0, References: 1

NVD
added 2020/06/01 7:15 a.m., 12 views

CVE-2020-4023

The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting XSS vulnerability through the committerFilter parameter...

5.4 CVSS, 5.3 AI score, 0.00342 EPSS
Exploits: 0, References: 2

NVD
added 2020/06/01 7:15 a.m., 14 views

CVE-2020-4021

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the XML export view...

5.4 CVSS, 5.3 AI score, 0.00257 EPSS
Exploits: 0, References: 1