Lucene search

5000 matches found

Prion
added 2019/08/22 7:15 p.m., 7 views

Code injection

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header...

CVSS 4.3, AI score 7.4, EPSS 0.0019
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2019/08/22 7:15 p.m., 8 views

Design/Logic Flaw

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...

CVSS 4.3, AI score 7.7, EPSS 0.0019
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/08/22 6:54 p.m., 7 views

CVE-2014-10391

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...

AI score 6.7, EPSS 0.0019
Exploits: 0, References: 1

CVE
added 2019/08/22 6:54 p.m., 40 views

CVE-2014-10391

The CVE-2014-10391 entry concerns the WordPress plugin WP Support Plus Responsive Ticket System, specifically versions prior to 4.1. The vulnerability is a JavaScript injection (XSS) flaw caused by insufficient validation of client-side data in the plugin. Impact is that an attacker could trigger...

CVSS 6.1, AI score 6.7, EPSS 0.0019
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2019/08/22 6:40 p.m., 42 views

CVE-2014-10394

The CVE-2014-10394 entry affects the WordPress Rich Counter plugin prior to version 1.2.0. The vulnerability is a JavaScript injection resulting from a crafted User-Agent header, as documented across multiple sources (NVD entry and vendor/Red Hat references). The practical impact is an injection ...

CVSS 6.1, AI score 6.5, EPSS 0.0019
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/08/22 6:40 p.m., 8 views

CVE-2014-10394

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header...

AI score 6.5, EPSS 0.0019
Exploits: 0, References: 1

CNVD
added 2019/08/21 12:0 a.m., 2 views

IBM Cloud Private Cross-Site Scripting Vulnerability

IBM Cloud Private is a set of enterprise private cloud solutions from IBM USA. The product is built primarily on Kubernetes and container technology. A cross-site scripting vulnerability exists in IBM Cloud Private, which can be exploited by remote attackers to inject arbitrary JavaScript code in...

CVSS 5.4, AI score 6.4, EPSS 0.00174
Exploits: 0, References: 1

Huntr
added 2019/08/18 12:0 a.m., 14 views

Cross-site Scripting (XSS) - Generic in boxbilling/boxbilling

Overview: Boxbilling is a free billing & client management software. Affected versions of this software are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript with object decoding such as alert1 resulting in XSS. Technical Description: if we look in...

AI score 1.9
Exploits: 0, References: 2

The Hacker News
added 2019/08/15 10:47 a.m., 151 views

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online

In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads. Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other th...

CVSS 4.3, AI score 0.5, EPSS 0.00365
Exploits: 0

Packet Storm
added 2019/08/08 12:0 a.m., 215 views

MapProxy 1.11.0 Cross Site Scripting

waraxe-2019-SA110 - Reflected XSS in MapProxy 1.11.0. Author: Janek Vind "waraxe". Date: 07. August 2019. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-110.html. Target description: MapProxy is an open sour...

AI score 7.4
Exploits: 0

OSV
added 2019/08/07 3:15 p.m., 0 views

CVE-2019-10376

A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin...

CVSS 6.1, AI score 6.4
Exploits: 0, References: 2

OSV
added 2019/08/02 10:15 p.m., 13 views

CVE-2019-7935

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

CVSS 4.8, AI score 5.7
Exploits: 0, References: 1

NVD
added 2019/08/02 10:15 p.m., 15 views

CVE-2019-7897

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

CVSS 4.8, AI score 4.7, EPSS 0.00092
Exploits: 0, References: 1

Prion
added 2019/08/02 10:15 p.m., 12 views

Cross site scripting

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

CVSS 3.5, AI score 4.7, EPSS 0.00092
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/08/02 9:31 p.m., 15 views

CVE-2019-7935

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

AI score 5, EPSS 0.00092
Exploits: 0, References: 1

Cvelist
added 2019/08/02 9:29 p.m., 11 views

CVE-2019-7926

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript...

AI score 5, EPSS 0.00092
Exploits: 0, References: 1

Hacker One
added 2019/08/02 11:2 a.m., 93 views

MyEtherWallet: Malicious Node JavaScript Injection Leading to Theft of Private Keys and User Funds

Summary: This vulnerability allows injection of arbitrary JavaScript code by the node that the MyEtherWallet user is connected to. This could be one of the default nodes, e.g. api.myetherwallet.com, or a custom node. With this code injection, the private key can be stolen if Keystore File or Private...

AI score 7
Exploits: 0

Veracode
added 2019/07/30 3:23 a.m., 17 views

Cross-site Scripting (XSS)

invenio-previewer is vulnerable to cross-site scripting (XSS). It does not escape the user-uploaded file and directly renders the file in the JSON, Markdown and iPython Notebook previewers, allowing an attacker to inject arbitrary JavaScript into a victim's browser using a malicious file...

CVSS 6.1, AI score 3.9, EPSS 0.00226
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2019/07/28 2:15 p.m., 11 views

CVE-2019-14329

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...

CVSS 6.1, AI score 5.8
Exploits: 0, References: 3

Positive Technologies
added 2019/07/28 12:0 a.m., 3 views

PT-2019-13643 · WordPress · Email Subscribers & Newsletters

Name of the Vulnerable Software and Affected Versions: Email Subscribers & Newsletters plugin version 4.1.6. Description: The issue allows an attacker to inject malicious JavaScript code through a publicly available subscription form. This is achieved by exploiting the esfpx name parameter in the...

CVSS 6.1, AI score 6.4, EPSS 0.00255
Exploits: 0, References: 6