
5080 matches found

BDU FSTEC
added 2019/02/19 12:0 a.m., 2 views

A vulnerability in the web interface of the PAN-OS operating system allows an attacker to inject arbitrary JavaScript or HTML code into the web page being loaded.

The vulnerability of the PAN-OS operating system’s web interface exists due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code into the loaded web page from a remote location...

6.1 CVSS, 6.5 AI score, 0.0119 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2019/02/13 6:29 p.m., 1 view

CVE-2018-20232

The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a URL location that could be...

5.4 CVSS, 5.4 AI score, 0.00911 EPSS
Exploits 0, References 2

CNVD
added 2019/02/12 12:0 a.m., 2 views

Stored Cross-Site Scripting Vulnerability in the Daimi CMS da***.me***.php File (CNVD-2019-06660)

DAMI CMS is a PC building station and cell phone building station integrated all-in-one system. A stored cross-site scripting vulnerability exists in the dam.mem.php file of the Dami CMS. An attacker can insert malicious js code into the page to obtain user cookies and other information, leading ...

6.3 AI score
Exploits 0

Carbon Black Blog
added 2019/02/11 1:52 p.m., 125 views

TAU Threat Intelligence Notification – Fake Movie File Attack Targeting Cryptocurrency

A malicious Windows shortcut file is posing as a movie available on a torrent site - its payload is used to conduct web-injection, ultimately targeting victim’s web searches in browsers like Chrome, Firefox and Internet Explorer. The payload has the ability to search for and steal cryptocurrency...

1.4 AI score
Exploits 0

Prion
added 2019/02/04 9:29 p.m., 10 views

Cross site scripting

OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result...

4.3 CVSS, 6 AI score, 0.01235 EPSS
Exploits 0, References 3, Affected Software 1

Packet Storm
added 2019/02/02 12:0 a.m., 346 views

Zimbra Collaboration Cross Site Scripting

CVE-2018-14013: Reflected Cross-Site Scripting (XSS) vulnerabilities in Zimbra Collaboration. Description: Two XSS vulnerabilities have been discovered in Zimbra Collaboration, initially in version 8.8.8. Zimbra Collaboration is an open source messaging and collaboration solution. Vulnerability records...

6.4 AI score, 0.07376 EPSS
Exploits 2

OSV
added 2019/01/31 9:29 a.m., 1 view

CVE-2019-7250

An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code via SCRIPT elements, event handlers, etc. Since this code...

6.1 CVSS, 5.9 AI score, 0.00826 EPSS
Exploits 1, References 1

NVD
added 2019/01/31 9:29 a.m., 15 views

CVE-2019-7250

An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code via SCRIPT elements, event handlers, etc. Since this code...

6.1 CVSS, 5.9 AI score, 0.00826 EPSS
Exploits 1, References 1

OSV
added 2019/01/30 8:29 p.m., 2 views

CVE-2019-1566

The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML...

6.1 CVSS, 6.5 AI score, 0.0119 EPSS
Exploits 0, References 3

OSV
added 2019/01/30 8:29 p.m., 3 views

CVE-2019-1565

The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML...

5.4 CVSS, 6.2 AI score, 0.00667 EPSS
Exploits 0, References 2

Prion
added 2019/01/30 8:29 p.m., 11 views

Cross site scripting

Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary JavaScript via the onerror parameter in the /r2/query endpoints...

4.3 CVSS, 6 AI score, 0.03813 EPSS
Exploits 1, References 1, Affected Software 1

NVD
added 2019/01/30 8:29 p.m., 23 views

CVE-2019-1566

The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML...

6.1 CVSS, 6.3 AI score, 0.0119 EPSS
Exploits 0, References 3

NVD
added 2019/01/30 8:29 p.m., 18 views

CVE-2019-3911

Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary JavaScript via the onerror parameter in the /r2/query endpoints...

6.1 CVSS, 6.1 AI score, 0.03813 EPSS
Exploits 1, References 1

Cvelist
added 2019/01/30 8:0 p.m., 24 views

CVE-2019-1565

The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML...

5.5 AI score, 0.00667 EPSS
Exploits 0, References 2

CVE
added 2019/01/30 8:0 p.m., 57 views

CVE-2019-1565

The CVE-2019-1565 issue affects PAN-OS External Dynamic Lists. An authenticated user with write privileges can inject arbitrary JavaScript/HTML, impacting PAN-OS 7.1.x ≤7.1.21, 8.0.x ≤8.0.14, and 8.1.x ≤8.1.5. Remediation: upgrade to 7.1.22, 8.0.15, or 8.1.6 (or later). If not exploiting, no work...

5.4 CVSS, 5.4 AI score, 0.00667 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2019/01/30 8:0 p.m., 71 views

CVE-2019-1566

The CVE-2019-1566 entry affects Palo Alto Networks PAN-OS: the Management Web Interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. Affects PAN-OS versions 7.1.21 and earlier, 8.0.14 and earlier, and 8.1.5 and earlier. An unauthenticated attacker could inject...

6.1 CVSS, 6.3 AI score, 0.0119 EPSS
Exploits 0, References 3, Affected Software 1

Veracode
added 2019/01/30 4:22 a.m., 10 views

Cross-Site Scripting (XSS)

croogo/croogo is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim’s browser via the title parameter in the Attachment page to steal session tokens or perform unwanted actions on behalf of the user...

4.8 CVSS, 5.3 AI score, 0.0061 EPSS
Exploits 1, References 1, Affected Software 1

Palo Alto Networks
added 2019/01/23 7:15 p.m., 10 views

Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists

A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS External Dynamic Lists. Ref. PAN-106776; CVE-2019-1565. Successful exploitation of this issue may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject...

5.4 CVSS, 5.8 AI score, 0.00667 EPSS
Exploits 0, References 1

BDU FSTEC
added 2019/01/18 12:0 a.m., 4 views

The vulnerability of microprogrammed logic controllers from Schneider Electric Modicon, related to insufficient protection of the web page structure, allows attackers to inject JavaScript that will be executed in the user’s browser.

The vulnerability of the microprogrammed logic controllers from Schneider Electric Modicon relates to insufficient protection of the web page structure. Exploiting this vulnerability allows an intruder to inject JavaScript, which will be executed in the user’s browser...

6.4 CVSS, 6.6 AI score, 0.00896 EPSS
Exploits 1, References 3

Veracode
added 2019/01/15 8:52 a.m., 27 views

Cross-site Scripting (XSS)

OpenStack Dashboard horizon is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the description field of a Heat template...

4.3 CVSS, 5.9 AI score, 0.01206 EPSS
Exploits 1, References 9, Affected Software 1