5080 matches found

Veracode
added 2019/03/25 5:30 a.m. · 16 views

Cross-Site Scripting (XSS)

league/commonmark is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via unsafe links using double-encoded HTML entities to steal session tokens or perform unwanted actions on behalf of the user...

6.1 CVSS · 2 AI score · 0.0105 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2019/03/25 12:0 a.m. · 2 views

PT-2019-2580 · Jenkins · Jenkins Lockable Resources Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Lockable Resources Plugin versions 2.4 and earlier. Description: The issue allows attackers to inject arbitrary JavaScript code in web pages rendered by the plugin due to a cross-site scripting vulnerability. This can be exploited by...

6.4 CVSS · 5.5 AI score · 0.01386 EPSS
Exploits 0 · References 11

Cvelist
added 2019/03/14 11:0 p.m. · 20 views

CVE-2018-1914

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4 CVSS · 5.2 AI score · 0.00987 EPSS
Exploits 0 · References 3

Veracode
added 2019/03/12 2:7 a.m. · 17 views

Cross-Site Scripting (XSS)

nexus-repository is vulnerable to cross-site scripting (XSS). A lack of input validation and output sanitization allows a remote attacker to inject arbitrary JavaScript into a victim's browser through multiple parameters...

4.8 CVSS · 5.3 AI score · 0.01338 EPSS
Exploits 0 · References 4 · Affected Software 1

Veracode
added 2019/03/12 2:7 a.m. · 25 views

Cross-Site Scripting (XSS)

nexus-core is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the repoId and format parameters of the healthCheckFileDetail function, the file name in the File Upload functionality of Staging Upload, the username when...

6.1 CVSS · 5.9 AI score · 0.01116 EPSS
Exploits 3 · References 3 · Affected Software 1

Veracode
added 2019/03/06 6:20 a.m. · 27 views

Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript through the content, url and name parameters under the Dashboard settings. This CVE ID is different from CVE-2018-18623 and CVE-2018-18625...

6.1 CVSS · 6.1 AI score · 0.01762 EPSS
Exploits 3 · References 2 · Affected Software 2

Veracode
added 2019/02/28 1:32 a.m. · 18 views

Cross-Site Scripting (XSS)

apache-airflow is vulnerable to cross-site scripting (XSS). An admin user is able to inject arbitrary JavaScript into a victim's browser through the modification of state of objects in the metadata database, which would execute on certain page views...

5.5 CVSS · 5.4 AI score · 0.01956 EPSS
Exploits 0 · References 5 · Affected Software 1

CNVD
added 2019/02/27 12:0 a.m. · 2 views

WordPress plugin 'FormCraft' cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin 'FormCraft'. If a user logs into the WordPress admi...

8.8 CVSS · 6.8 AI score · 0.00833 EPSS
Exploits 0 · References 1

Japan Vulnerability Notes
added 2019/02/26 5:46 a.m. · 2 views

WordPress plugin "FormCraft" vulnerable to cross-site request forgery

Overview: The WordPress plugin "FormCraft" provided by nCrafts contains a cross-site request forgery vulnerability (CWE-352). Masaki Saito of TDU Cryptography Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

8.8 CVSS · 6.6 AI score · 0.00833 EPSS
Exploits 0 · References 5

Hacker One
added 2019/02/21 4:14 p.m. · 17 views

X (Formerly Twitter): Twitter Lite (Android): Vulnerable to local file steal, JavaScript injection, Open redirect

Summary: com.twitter.android.lite.TwitterLiteActivity is set to exported and doesn't validate data passed to the intent, which makes this activity vulnerable to theft of users' local files, JavaScript injection and open redirect. Description: com.twitter.android.lite.TwitterLiteActivity is set to exported ...

7.1 AI score
Exploits 0

BDU FSTEC
added 2019/02/21 12:0 a.m. · 4 views

The vulnerability of the Golden VM component in the Juniper ATP intrusion prevention system allows an intruder to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the Golden VM component in the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected data...

5.4 CVSS · 6.1 AI score · 0.00521 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2019/02/21 12:0 a.m. · 3 views

The vulnerability of the Cisco Prime Network lifecycle management software allows a hacker to inject any HTML or JavaScript code into the loaded page.

The vulnerability of the Cisco Prime Network lifecycle management software is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to inject arbitrary HTML or JavaScript code into the uploaded page through a specially crafted link...

5.4 CVSS · 6.1 AI score · 0.00876 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2019/02/21 12:0 a.m. · 3 views

The vulnerability of the Email Collectors component in the Juniper ATP intrusion prevention system allows an intruder to inject arbitrary JavaScript code into the uploaded page and gain access to protected data.

The vulnerability of the Email Collectors component in the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected da...

5.4 CVSS · 6.1 AI score · 0.00633 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2019/02/21 12:0 a.m. · 3 views

The vulnerability of the Snort Rules configuration component of the Juniper ATP intrusion prevention system allows a perpetrator to inject arbitrary JavaScript code into the uploaded page and gain access to the protected data.

The vulnerability of the Snort Rules configuration component of the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to...

5.4 CVSS · 6.1 AI score · 0.00624 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2019/02/21 12:0 a.m. · 3 views

The vulnerability in the web interface of the Cisco Identity Services Engine allows a perpetrator to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the Cisco Identity Services Engine web interface relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the loaded page and gain access to protected data by redirecting users to a...

6.1 CVSS · 6.1 AI score · 0.00827 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2019/02/21 12:0 a.m. · 4 views

The vulnerability of the file upload menu component in the Juniper ATP intrusion prevention system allows an intruder to inject any desired JavaScript code into the uploaded page and gain access to protected data.

The vulnerability of the file upload menu component in the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected da...

5.4 CVSS · 6 AI score · 0.00521 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2019/02/21 12:0 a.m. · 3 views

The vulnerability of the RADIUS configuration menu component of the Juniper ATP intrusion prevention system allows an intruder to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the RADIUS configuration menu of the Juniper ATP intrusion prevention system is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected...

5.4 CVSS · 6.1 AI score · 0.00624 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2019/02/21 12:0 a.m. · 3 views

The vulnerability of the Zone configuration component of the Juniper ATP intrusion prevention system allows an intruder to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the Zone configuration component of the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the loaded page and gain access to protected da...

5.4 CVSS · 6.1 AI score · 0.0063 EPSS
Exploits 0 · References 4 · Affected Software 1

exploitpack
added 2019/02/19 12:0 a.m. · 22 views

Zuz Music 2.1 - zuzconsole___contact Persistent Cross-Site Scripting

Zuz Music 2.1 - zuzconsolecontact Persistent Cross-Site Scripting Exploit Title: Zuz Music 2.1 - 'zuzconsole/contact ' Persistent Cross-site Scripting Google Dork: N/A Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage:...

6.8 AI score
Exploits 0

BDU FSTEC
added 2019/02/19 12:0 a.m. · 3 views

The vulnerability of the PAN-OS operating system arises from insufficient protection of the web page structure, allowing attackers to inject any desired JavaScript or HTML code into the loaded web page.

The vulnerability of the PAN-OS operating system exists due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code into the loaded web page from a remote location...

5.4 CVSS · 6.1 AI score · 0.00667 EPSS
Exploits 0 · References 3 · Affected Software 1