MTN Group: Cross-Site Scripting through search form on mtnplay.co.zm
Summary: There is an XSS vulnerability that can be triggered through a search form on mtnplay.co.zm. Steps To Reproduce: 1. Navigate to http://www.mtnplay.co.zm/smart/jqm.aspx 2. Click on the search button or go to this link: http://www.mtnplay.co.zm/smart/jqm.aspx?event=search&mnu=search&ctrlid=92...
CVE-2019-18267
An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site...
Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096
This module enables you to create forms to collect information from users and report, analyze and distribute it by email. The 7.x-3.x module doesn't sufficiently sanitize token values taken from query strings. If a query string token is used as the value of a markup component, an attacker can...
IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability
IBM WebSphere Application Server Liberty is a Java application server from IBM (U.S.) built on the Open Liberty project. A cross-site scripting vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 19.0.0.11. A remote attacker can exploit this...
Cross site scripting
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted...
IBM Planning Analytics Cross-Site Scripting Vulnerability (CNVD-2019-44562)
IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A cross-site scripting vulnerability exists in IBM Planning Analytics version 2.0. An attacker can...
Cross-Site Scripting (XSS)
gitbook is vulnerable to cross-site scripting (XSS). An attacker is able to inject arbitrary JavaScript into a victim's browser using a local .md file which is rendered when displayed in the browser...
Cross-Site Scripting (XSS)
devalue is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a victim's browser using a malicious regular expression containing JavaScript...
Cross-Site Scripting (XSS)
jetty-server is vulnerable to cross-site scripting. The server response containing the default error message from stacktraces is not sanitized and escaped before being displayed, which would allow a remote attacker to inject arbitrary Javascript into a victim's browser...
IBM Cloud Pak System Platform System Manager Cross-Site Scripting Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. The product supports deploying, managing and moving application environments across hybrid clouds. A cross-site scripting vulnerability exists in Platform System Manager in IBM...
Cross-Site Scripting (XSS)
vuetify is vulnerable to cross-site scripting (XSS) attacks. User input is rendered and executed directly as HTML without sanitization in 'VInput.ts', allowing an attacker to inject arbitrary JavaScript...
FreeBSD : wordpress -- multiple issues (459df1ba-051c-11ea-9673-4c72b94353b5)
WordPress developers report: Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. Props to Weston Ruter for finding a way to create a stored XSS...
GHSA-XV69-F7X5-R4QW Magento Cross-Site Scripting via Attribute Set Name
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...
IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2019-40462)
IBM Cognos Analytics is a suite of business intelligence software from IBM USA that provides you with valuable information, secure data governance and reporting. A cross-site scripting vulnerability exists in IBM Cognos Analytics versions 11.0 through 11.1, which can be exploited by a remote...
Portainer Cross-Site Scripting Vulnerability (CNVD-2019-40484)
Portainer is an open source lightweight management UI that allows you to easily manage docker hosts or clusters. A stored cross-site scripting vulnerability exists in the isteven-multi-select component in Portainer versions prior to 1.22.1. An attacker can exploit this vulnerability to inject...
Magento cross-site scripting vulnerability (CNVD-2019-40736)
Magento is an open source PHP e-commerce system from the U.S. company Magento. A cross-site scripting vulnerability exists in Magento. An attacker can exploit this vulnerability to inject malicious JavaScript into the management console cache...
CVE-2019-8228
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into the transactional email page when creating a new email template or editing an existing email template...
CVE-2019-8227
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML...