
5946 matches found

Hacker One
added 2021/02/02 6:49 a.m., 62 views

U.S. Dept Of Defense: Self stored Xss + Login Csrf

Description: User can set username between 8-20 alphanumeric characters, but with the help of inspect element attacker can manipulate ██████= & can insert a xss payload resulting in self stored xss & with the help of login csrf attacker can force the victim into attacker's account causing...

Exploits 0

CNNVD
added 2021/02/02 12:0 a.m., 3 views

Apple iOS Input Validation Error Vulnerability

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple watchOS is a smart watch operating system. A security vulnerability exists in a number of Apple products, which arises from the handling of...

CVSS 8.8, AI score 7.5, EPSS 0.02738
Exploits 0, References 6

BDU FSTEC
added 2021/02/02 12:0 a.m., 2 views

The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser using a specially crafted...

CVSS 9, AI score 8.1, EPSS 0.02535
Exploits 0, References 3, Affected Software 1

NVD
added 2021/02/01 4:15 p.m., 11 views

CVE-2020-13564

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template aclid parameter...

CVSS 9.6, AI score 6.5, EPSS 0.75856
Exploits 1, References 1

NVD
added 2021/02/01 4:15 p.m., 15 views

CVE-2020-13563

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template groupid parameter...

CVSS 9.6, AI score 6.5, EPSS 0.75856
Exploits 1, References 1

NVD
added 2021/02/01 4:15 p.m., 15 views

CVE-2020-13562

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter...

CVSS 9.6, AI score 6.5, EPSS 0.77745
Exploits 1, References 1

OSV
added 2021/02/01 4:15 p.m., 24 views

CVE-2020-13562

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter...

CVSS 6.1, AI score 6.2
Exploits 0, References 1

OSV
added 2021/02/01 4:15 p.m., 21 views

CVE-2020-13564

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template aclid parameter...

CVSS 6.1, AI score 6.2
Exploits 0, References 1

Prion
added 2021/02/01 4:15 p.m., 17 views

Cross site scripting

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template groupid parameter...

CVSS 4.3, AI score 6, EPSS 0.75856
Exploits 1, References 1, Affected Software 2

Prion
added 2021/02/01 4:15 p.m., 23 views

Cross site scripting

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter...

CVSS 4.3, AI score 6, EPSS 0.77745
Exploits 1, References 1, Affected Software 2

Cvelist
added 2021/02/01 3:7 p.m., 18 views

CVE-2020-13564

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template aclid parameter...

CVSS 9.6, AI score 6, EPSS 0.75856
Exploits 1, References 1

Cvelist
added 2021/02/01 3:5 p.m., 19 views

CVE-2020-13562

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter...

CVSS 9.6, AI score 6, EPSS 0.77745
Exploits 1, References 1

CVE
added 2021/02/01 3:5 p.m., 75 views

CVE-2020-13562

CVE-2020-13562 – phpGACL 3.3.7 XSS vulnerabilities. Multiple cross‑site scripting flaws exist in the template rendering paths of phpGACL 3.3.7, enabling arbitrary JavaScript execution via unescaped user input in template actions (e.g., action, group_id, acl_id). Documented vectors include admin/a...

CVSS 9.6, AI score 6, EPSS 0.77745
Exploits 1, References 1, Affected Software 1

CNVD
added 2021/02/01 12:0 a.m., 6 views

Hitachi Vantara Pentaho Cross-Site Scripting Vulnerability

Pentaho is Business Intelligence (BI) software that provides data integration, OLAP services, reporting, information dashboards, data mining, and Extract, Transform, Load (ETL) capabilities. A reflected cross-site scripting vulnerability exists in the 'type' attribute of the 'dashboardXml' paramete...

CVSS 5.4, AI score 6.3, EPSS 0.0062
Exploits 0, References 1

CNVD
added 2021/02/01 12:0 a.m., 9 views

Hitachi Vantara Pentaho DOM-Type Cross-Site Scripting Vulnerability

Pentaho is Business Intelligence (BI) software that provides data integration, OLAP services, reporting, information dashboards, data mining, and Extract, Transform, Load (ETL) capabilities. A DOM-type cross-site scripting vulnerability exists in Hitachi Vantara Pentaho in the Analysis Report...

CVSS 5.4, AI score 6.3, EPSS 0.0062
Exploits 0, References 1

CNVD
added 2021/02/01 12:0 a.m., 5 views

Apache Druid Access Control Error Vulnerability

Apache Druid is a column-oriented, open source distributed database written in Java, from the Apache Software Foundation in the U.S. An access control error vulnerability exists in Apache Druid 0.20.0 and earlier versions that allows an authenticated user to force Druid to run...

CVSS 9, AI score 6.6, EPSS 0.99217
Exploits 7, References 1

NVD
added 2021/01/29 8:15 p.m., 18 views

CVE-2021-25646

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

CVSS 9, AI score 8.7, EPSS 0.99217
Exploits 7, References 16

Prion
added 2021/01/29 8:15 p.m., 25 views

Default configuration

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

CVSS 9, AI score 8.5, EPSS 0.99217
Exploits 7, References 16, Affected Software 1

OSV
added 2021/01/29 7:15 p.m., 3 views

CVE-2020-24669

The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About...

CVSS 5.4, AI score 6.3, EPSS 0.0062
Exploits 0, References 2

OSV
added 2021/01/29 7:15 p.m., 2 views

CVE-2020-24666

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in = 9.1.0.1...

CVSS 5.4, AI score 6, EPSS 0.0062
Exploits 0, References 2