4999 matches found
CVE-2019-13643
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on...
CVE-2019-13643
EspoCRM before 5.6.4 is affected by a stored XSS vulnerability. A malicious payload can be stored in a new stream message and later triggered by clicking a link on the Notifications page, allowing remote execution of JavaScript in the victim’s browser. Root cause is a stored XSS in the stream mes...
Cross-Site Scripting
Overview: Versions of dmn-js-properties-panel prior to 0.8.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website. Recommendation: Upgrade to version 0.3.0 ...
Cross-Site Scripting
Overview: Versions of cmmn-js-properties-panel prior to 0.8.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website. Recommendation: Upgrade to version 0.8.0...
CVE-2019-12834
In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATHINFO to the dashboards/ URI...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2019-23520)
IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be exploited by...
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2019-23971)
IBM QRadar SIEM is a solution from IBM in the United States that uses security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msg...
Cross-Site Scripting (XSS)
yoast/wordpress-seo is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser through term descriptions...
Cross-Site Scripting (XSS)
tinymce is vulnerable to cross-site scripting (XSS). The preview plugin does not encode the base URL before passing it into iframe content, which allows remote attackers to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
JetBrains TeamCity Code Injection Vulnerability (CNVD-2019-24233)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A code injection vulnerability exists in the...
DEBIAN-CVE-2018-11563
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged-in customer's browser in the context of the OTRS customer panel application...
UBUNTU-CVE-2018-11563
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged-in customer's browser in the context of the OTRS customer panel application...
Cross-site Scripting (XSS)
Umbraco CMS is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the nodename parameter during the creation of a new page related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...
CVE-2019-12844
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3...
CVE-2019-12843
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3...
Design/Logic Flaw
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3...