4986 matches found
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Scripting Vulnerability
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User...
Code injection
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
PT-2018-2643
Name of the Vulnerable Software and Affected Versions: Loofah gem for Ruby versions through 2.2.2. Description: The issue is related to insufficient sanitization of SVG elements in JavaScript, which can lead to the occurrence of unsanitized JavaScript in sanitized output when a crafted SVG element i...
Infogram: Stored XSS in infogram.com via language
The stored XSS was found in the language profile parameter. POC: Change profile settings with the following request: PUT /api/users/me HTTP/1.1 Host: infogram.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: */* Accept-Language: en-US,en;q=0.5...
IBM WebSphere Commerce Cross-Site Scripting Vulnerability (CNVD-2018-22091)
IBM WebSphere Commerce is a suite of e-commerce solutions from IBM in the United States. The solution supports all sales business models, including B2C, B2B and B2B2C, on a single customer interaction platform. A cross-site scripting vulnerability exists in IBM WebSphere Commerce. A remote attack...
Stored Cross-site Scripting Vulnerability in S-CMS E-commerce System
S-CMS e-commerce system is an e-commerce software. A stored cross-site scripting vulnerability exists in the S-CMS e-commerce system. An attacker can insert malicious JavaScript code into a page to obtain user cookies and other information, leading to user hijacking...
AjentiCP 1.2.23.13 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Title: AjentiCP 1.2.23.13 - Cross-Site Scripting Author: Numan OZDEMIR https://infinitumit.com.tr Vendor Homepage: ajenti.org Software Link: https://github.com/ajenti/ajenti Version: Up to v1.2.23.13 CVE: CVE-2018-18548 Description: Attacker c...
AjentiCP 1.2.23.13 - Cross-Site Scripting
Title: AjentiCP 1.2.23.13 - Cross-Site Scripting Author: Numan OZDEMIR https://infinitumit.com.tr Vendor Homepage: ajenti.org Software Link: https://github.com/ajenti/ajenti Version: Up to v1.2.23.13 CVE: CVE-2018-18548 Description: Attacker can inject JavaScript codes without Ajenti privileges b...
AjentiCP 1.2.23.13 Cross Site Scripting
Title: AjentiCP Dir Name Based Stored XSS dir 2- Open this directory in File Manager tool in Ajenti server admin panel. // for secure days...
CVE-2018-10141
GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-20549)
IBM Rational Quality Manager (RQM) is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-20547)
IBM Rational Quality Manager (RQM) is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-20548)
IBM Rational Quality Manager (RQM) is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...
IBM Rational Collaborative Lifecycle Management Cross-Site Scripting Vulnerability (CNVD-2018-20674)
IBM Rational Collaborative Lifecycle Management is a suite of collaborative design model management software from IBM in the United States. The software supports the use of centralized system repositories for storing, sharing, searching and managing design models, as well as automated software...
Cross-site Scripting (XSS)
coastercms is vulnerable to cross-site scripting (XSS) attacks. A malicious user can pass a POST request to the application to inject and execute arbitrary JavaScript...
Cross-Site Scripting (XSS)
intelliants/subrion is vulnerable to cross-site scripting. An attacker is able to inject arbitrary JavaScript into a victim's browser via the titlesen parameter in core/admin/pages/add/ to steal session cookies or perform unwanted actions on behalf of the user...
CVE-2018-14037
Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...