CVE-2018-7636
The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs...
CVE-2018-9335
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML...
CVE-2018-7636
PAN-OS 8.0.10 and earlier are affected by CVE-2018-7636 — a Cross-Site Scripting flaw in the URL filtering “continue page” that allows injection of arbitrary JavaScript/HTML via crafted URLs. The issue affects PAN-OS 8.0.x (and not 8.1.x/7.1.x/6.1.x as stated in advisories) and is addressed by ve...
CVE-2018-9337
CVE-2018-9337 is an XSS vulnerability in the PAN-OS Web interface administration page. Affected PAN-OS: 6.1.20 and earlier; 7.1.17 and earlier; 8.0.10 and earlier; 8.1.1 and earlier. The issue allows an attacker to inject arbitrary JavaScript or HTML via the web interface. Exploitation requires p...
CVE-2017-1621
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting (XSS) vulnerability exists in a PAN-OS web interface administration page (Ref. PAN-93242; CVE-2018-9337). Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. An attacker would need to successfully authenticate prior to exploiting...
Cross Site Scripting in PAN-OS
A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS URL filtering “continue page” (Ref PAN-OS 90835, CVE-2018-7636). PAN-OS software does not properly validate specific request parameters. Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML i...
QNAP QTS APP Center Cross-Site Scripting Vulnerability
QNAP QTS is a Turbo NAS operating system from QNAP Systems that provides file storage, management, backup, multimedia applications and security monitoring. APP Center is one of the...
CVE-2017-13072
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject JavaScript code...
Security Bulletin: IBM HTTP Server Response Time module is affected by JavaScript injection vulnerability.
Summary: IBM HTTP Server Response Time module, which is delivered as part of IBM Performance Management, has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2018-1441. DESCRIPTION: IBM Application Performance Management - Response Time Monitoring Agent is vulnerable to...
Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Javascript Injection Attack (CVE-2017-1305)
Summary: An undisclosed security vulnerability in IBM Rational DOORS Next Generation may allow a JavaScript Injection attack. Vulnerability Details: CVEID: CVE-2017-1305. DESCRIPTION: IBM DOORS Next Generation DNG/RRC is vulnerable to cross-site scripting. This vulnerability allows users to embed...
Security Bulletin: IBM Call Center for Commerce is affected by Cross Site Scripting (XSS) Vulnerability (CVE-2016-6056)
Summary: IBM Call Center for Commerce is vulnerable to a cross-site scripting attack which could lead to unauthorized access through the injected scripts. Vulnerability Details: CVEID: CVE-2016-6056. DESCRIPTION: IBM Call Center for Commerce is vulnerable to cross-site scripting. This vulnerability...
Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) - CVE-2017-1425
Summary: IBM BPM reflects untrusted user input without fully removing HTML markup. This might allow controlling parts of the user interface, possibly script injection. Vulnerability Details: CVEID: CVE-2017-1425. DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This...
LuckyMouse hits national data center to organize country-level waterholing campaign
What happened? In March 2018 we detected an ongoing campaign targeting a national data center in Central Asia that we believe has been active since autumn 2017. The choice of target made this campaign especially significant – it meant the attackers gained access to a wide range of government...
QNAP QTS App Center XSS Vulnerability (NAS-201805-16)
QNAP QTS is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; if...
CVE-2018-5158
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...
DEBIAN-CVE-2018-5158
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...
CVE-2017-7840
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripti...
Code injection
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...