890 matches found
Information disclosure
An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes...
CVE-2019-16684
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes...
CVE-2019-16684
CVE-2019-16684 affects Xoops 2.5.10 image-manager. A stored cross-site scripting issue occurs when an image is named with a JavaScript payload; hovering over such items in the list or Edit page causes the payload to execute. The Red Hat entry corroborates the same description. No explicit remedia...
CVE-2019-16683
The CVE-2019-16683 vulnerability affects the Xoops 2.5.10 image-manager. When editing an image, hovering the breadcrumb that shows the category name triggers a JavaScript payload, indicating a cross-site scripting issue in the image-manager component. The available sources describe the affected f...
CVE-2019-16683
An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes...
CVE-2019-16751
An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...
Cross site scripting
An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...
Cross site scripting
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low...
CVE-2019-11199
Dolibarr ERP/CRM 9.0.1 is affected by a stored XSS in uploaded files (viewimage.php) that can execute JavaScript when an arbitrary link on the Dolibarr domain is clicked. The issue stems from lack of contextual output encoding in the uploaded content, enabling exploitation by low-privilege users ...
Cross-Site Scripting
Overview: Versions of console-feed prior to 2.8.10 are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape the rendered output. If an application uses console-feed and a malicious JavaScript payload was passed to a console.log('%', payload) call, the package would render HTM...
Oracle Siebel CRM 19.0 Cross Site Scripting
Exploit Title: Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Date: 2019-07-17 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: https://www.oracle.com/applications/siebel/ Version: Siebel CRM UI Framework Version 19.0 and prior...
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
Exploit Title: Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Date: 2019-07-17 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: https://www.oracle.com/applications/siebel/ Version: Siebel CRM UI Framework Version 19.0 and prior...
SeedDMS Cross-Site Scripting Vulnerability (CNVD-2019-18509)
SeedDMS is a free document management system with an easy-to-use web-based user interface. A stored cross-site scripting vulnerability exists in out/out.GroupMgr.php in SeedDMS 5.1.11. An attacker can exploit this vulnerability by creating a new group with a JavaScript payload as the group name t...
CVE-2019-12801
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name...
Cross site scripting
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name...
CVE-2017-11560
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the applicatio...
CVE-2019-6514
The CVE-2019-6514 entry affects WSO2 Dashboard Server 2.0.0 and describes a stored XSS flaw: a JavaScript payload can be injected and stored in the database, then displayed and executed on the same page. The documentation notes remediation via security patch releases from WSO2 (see references). N...
Stored Cross-Site Scripting Vulnerability in the Frontend of Feifei Movie Navigation System
FeiFeiCms is developed with PHP and MySQL and runs on Windows and Linux. A stored cross-site scripting vulnerability exists in the frontend of FeiFeiCms. Attackers can insert malicious JavaScript code into the page to obtain user cookies and other information, resulting in user...