5941 matches found
python: XSS vulnerability in the documentation XML-RPC server in server_title field
A reflected cross-site scripting XSS vulnerability was found in Python XML-RPC server. The servertitle field is not sufficiently sanitized allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the...
Security Vulnerabilities fixed in Thunderbird 78.3 — Mozilla
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site the one suffering from the open redirect rather than the site the file was actually downloaded from. Thunderbird sometimes ran the...
Security Vulnerabilities fixed in Firefox ESR 78.3 — Mozilla
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site the one suffering from the open redirect rather than the site the file was actually downloaded from. Firefox sometimes ran the onload...
Mozilla Firefox ESR < 78.3
The version of Firefox ESR installed on the remote Windows host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-43 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a...
Mozilla Firefox ESR < 78.3
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-43 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting i...
CVE-2020-8340
A cross-site scripting XSS vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 Integrated Management Module 2, prior to version 5.60, embedded Baseboard Management Controller BMC web interface during an internal security review. This vulnerability could allow JavaScript code t...
GHSA-P82G-2XPP-M5R3 Cross-Site Scripting in dojo
Versions of dojo prior to 1.2.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.2.0 or later...
Acronis: XSS on https://partners.acronis.com/
Hello, I found DOM XSS on login page of https://partners.acronis.com/ Open this URL https://partners.acronis.com/en-us/profile/login.html?-back=test123" and search for var back =. Here input is HTML encoded but from that reflected value, element is created and appended to the form. F983552 We can...
Adobe Experience Manager (AEM) Stored Cross-Site Scripting Vulnerability
Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM. An attacker can exploit this vulnerability to execute arbitra...
Adobe Experience Manager (AEM) Cross-Site Scripting Vulnerability (CNVD-2020-51769)
Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager AEM. An attacker can exploit this vulnerability to execute arbitrary...
Adobe Experience Manager (AEM) stored cross-site scripting vulnerability (CNVD-2020-52152)
Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM. An attacker can exploit this vulnerability to execute arbitra...
Adobe Experience Manager (AEM) Forms stored cross-site scripting vulnerability (CNVD-2020-52155)
Adobe Experience Manager AEM Forms is an enterprise document and forms platform that lets you capture and process information, deliver personalized communications, and protect and track sensitive information. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM Forms...
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
UPDATE Adobe has released fixes addressing five critical flaws in its popular Experience Manager content-management solution for building websites, mobile apps and forms. The cross-site scripting XSS flaws could allow attackers to execute JavaScript in targets’ browsers. Including Adobe Experienc...
APSB20-56 Security update available for Adobe Experience Manager
Adobe has released updates for Adobe Experience Manager AEM and the AEM Forms add-on package. These updates resolve vulnerabilities rated Critical and Important. Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser...
Brave Software: Arbitrary file download due to bad handling of Redirects in WebTorrent
Summary: Previously I reported 963155 how an attacker can trick user into downloading malicious files using ".save torrent" feature, In this report I am going to reproduce the same behavior but by abusing a different feature. Description While I was testing webtorrent on brave I noticed that...
GHSA-25V4-MCX4-HH35 Cross-Site Scripting in atlasboard-atlassian-package
All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers being able t...
Cross-Site Scripting in takeapeek
All versions of takeapeek are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available. Consider usin...
GHSA-V9WP-8R97-V6XG Cross-Site Scripting in jquery.json-viewer
Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting XSS. The package insufficiently sanitizes user input when creating links, and concatenates the user input in an tag. This allows attackers to create malicious links with JSON payloads such as: "foo":...
GHSA-G7MW-5CQ6-FV82 Cross-Site Scripting in wangeditor
All versions of wangeditor are vulnerable to Cross-Site Scripting. The package fails to properly encode output, allowing arbitrary JavaScript to be inserted in links and executed by browsers. Recommendation No fix is currently available. Consider using an alternative module until a fix is made...
GHSA-3QH4-R86R-GRVM Arbitrary JavaScript Execution in typed-function
Versions of typed-function prior to 0.10.6 are vulnerable to Arbitrary JavaScript Execution. Function names are not properly sanitized and may allow an attacker to execute arbitrary code. Recommendation Upgrade to version 0.10.6 or later...