5002 matches found
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2020-22338)
IBM Rational Quality Manager (RQM) is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...
CVE-2020-11508
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action...
DrayTek Vigor2700 Series < 2.8.4 Javascript Injection Vulnerability
Multiple DrayTek Vigor Routers are prone to a JavaScript injection vulnerability.
Cross-Site Scripting (XSS)
squid is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the username or auth parameter in cachemgr.cgi...
IBM Tivoli Netcool Impact Cross-Site Scripting Vulnerability (CNVD-2020-20671)
IBM Tivoli Netcool Impact is a suite of network management software from IBM in the United States. The software has the ability to automate business-critical functions and provide a platform that provides unified access to real-time data, events and indicators. A cross-site scripting vulnerabilit...
CVE-2020-5339
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript...
Cross-Site Scripting (XSS)
github.com/hashicorp/nomad is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute JavaScript in a user's browser via a malicious workload in the cluster. The user's browser executes the file when it is displayed in its raw form from the API or UI...
Stored XSS via malicious file upload - CVE-2020-14173
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability. Affected versions version 8.5.4 8.6.0 ≤ version ≤ 8.7.0 8.7.0 ≤ version 8.7.1 Fixed versions 8.5.4 8.7...
Apache DeltaSpike Injection Vulnerability
Apache DeltaSpike is a portable CDI extension suite from the Apache Software Foundation in the United States. A security vulnerability exists in the windowhandler.js file in Apache DeltaSpike 1.9.2 and earlier versions. An attacker can exploit the vulnerability to inject JavaScript code...
DEBIAN-CVE-2019-16375
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious...
UBUNTU-CVE-2019-16375
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious...
CVE-2020-10196
An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several o...
PT-2020-11969 · WordPress · Popup Builder
Name of the Vulnerable Software and Affected Versions: popup-builder plugin versions prior to 3.64.1 Description: The issue allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. An unauthenticated attacker can insert...
Munkireport Cross-Site Scripting Vulnerability (CNVD-2020-16631)
Munkireport is a reporting client for munki. A cross-site scripting vulnerability exists in Munkireport versions prior to 5.3.0. An attacker can exploit this vulnerability by injecting JavaScript into the comment field via the /module/comment/save endpoint...
CVE-2020-9758
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...
Design/Logic Flaw
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...
CVE-2020-9758
LiveZilla Live Chat 8.0.1.3 (Helpdesk) is affected by CVE-2020-9758 due to a blind JavaScript injection in chat.php (name parameter). This stored XSS can reveal usernames/passwords stored in the database via the mobile/chat URI (lgn/psswrd), enabling privilege escalation from unauthenticated to u...
UBUNTU-CVE-2020-9281
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the cke_protected syntax...