CVE-2019-11812
CVE-2019-11812 is a persistent XSS in MISP prior to 2.4.107. The vulnerability is in the PHP component app/View/Helper/CommandHelper.php, where JavaScript can be injected via the discussion interface and triggered by clicking a link. Affected product/version: MISP (before 2.4.107). Root cause is ...
Cross Site Scripting (XSS) in Demisto
A cross-site scripting (XSS) vulnerability exists in Palo Alto Networks Demisto (ref. CVE-2019-1568). Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects Demisto 4.5 build 40249. Workaround: N/A...
CVE-2018-16220
Cross-site scripting in different input fields (domain field and personal settings) in the AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name...
CVE-2018-16220
CVE-2018-16220 affects AudioCodes 405HD VoIP phone with firmware 2.2.12. Affected component: the device’s web interface. Root cause: Cross Site Scripting in input fields (domain field and personal settings) that lets an attacker inject JavaScript by manipulating phone book entries or the domain n...
Cross site scripting
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
Cross-Site Scripting (XSS)
com.liferay.currency.converter.web is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the symbol to steal session tokens or perform unwanted actions on behalf of the user...
Shopify: Cross Site Scripting at https://app.oberlo.com/
1- create an account from https://app.oberlo.com/ 2- path to https://app.oberlo.com/settings/account/profile 3- inject JavaScript code or XSS payload at Name form 4- it will be printed at page and executed payload that I used it " Impact This vulnerability can be used by attacker to serve malicio...
CVE-2018-19202
A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsettingbburl' parameter...
Cross-Site Scripting in Expedition Migration Tool
A cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Migration Tool “Expedition” (ref. MT-1009 / CVE-2019-1574). Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the Devices View. This issue affects Expedition 1.1....
CVE-2019-1567
The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings...
A vulnerability in the library for processing and transforming HTML/XML code fragments, called Ruby Loofah, arises due to improper handling of input during web page generation. This vulnerability allows attackers to inject arbitrary JavaScript code.
The vulnerability in the library for processing and transforming HTML/XML code fragments in Ruby Loofah is related to insufficient cleaning of SVG elements in JavaScript. Exploiting this vulnerability allows a remote attacker to inject arbitrary JavaScript code...
Cross site scripting
A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/New_GUI/Acl.asp" is request...
CVE-2018-17989
CVE-2018-17989 affects D-Link DSL-3782 devices (firmware 1.01). A stored XSS vulnerability exists in the device’s web interface, allowing an authenticated attacker to inject a JavaScript/HTML payload into the ACL page. The payload executes when the browser requests "/cgi-bin/New_GUI/Acl.asp". Acc...
Cross site scripting
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter...
CVE-2018-19201
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter...
CVE-2018-19201
CVE-2018-19201: A reflected XSS in MyBB’s ModCP Profile Editor affects versions before 1.8.20. An attacker can inject JavaScript via the username parameter (remote, network-based). Impact is client-side script execution as described; mitigation is to upgrade to MyBB 1.8.20 (security maintenance r...
Cross-Site Scripting (XSS)
Apache ActiveMQ is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the refresh parameter to PortfolioPublishServlet.java, and through debug logs or subscribe messages in webapp/websocket/chat.js...