CVE-2019-8227

In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML...

Cross site scripting

A stored cross-site scripting XSS vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder...

Cross site scripting

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label...

Magento Cross-Site Scripting Vulnerability (CNVD-2019-40835)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. A security vulnerability exists in Magento versions prior to 1.9.4.3 and prior to 1.14.4.3. An attacker can explo...

Magento cross-site scripting vulnerability (CNVD-2019-40833)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. Magento 2.2 version and 2.3 version of a security vulnerability , the vulnerability stems from the cleaning engin...

CVE-2019-8228

in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template...

CVE-2019-8148

A stored cross-site scripting XSS vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder...

Cross site scripting

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification...

PT-2020-9824 · Otrs +2 · Otrs +2

Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 7.0.x through 7.0.11 Open Ticket Request System OTRS Community Edition versions 5.0.x through 5.0.37 Open Ticket Request System OTRS Community Edition versions 6.0.x through 6.0.22 Description: An issu...

CVE-2011-0428

Cross Site Scripting XSS in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments...

Cross-Site Scripting (XSS)

resque-cleaner is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the klass, from, to, page and exception parameters...

Cross-site Scripting in node-red-dashboard

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...

GHSA-XG59-M7WX-853Q Cross-site Scripting in node-red-dashboard

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...

IBM Cloud Orchestrator Cross-Site Scripting Vulnerability

IBM Cloud Orchestrator is a suite of cloud management solutions from IBM in the United States. The program provides extended internal and external deployment of cloud services and application program interfaces and tools to extend the integration with existing environments and other functions. A...

IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2019-39205)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...

CVE-2019-18219

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...

Cross site scripting

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...

CVE-2019-18219

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...

Exploit for Code Injection in Elastic Kibana

PoC exploit for CVE-2019-7609, an RCE vulnerability in Kibana ve...

CVE-2019-16330

In NCH Express Accounts Accounting v7.02, persistent cross site scripting XSS exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript...