5941 matches found

OSV
added 2020/04/01 6:15 p.m. · 1 view

CVE-2020-3884

An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary JavaScript code execution...

CVSS 6.1 · AI score 6.5 · EPSS 0.01098
Exploits: 0 · References: 1

OSV
added 2020/04/01 4:36 p.m. · 13 views

GHSA-4G46-5GRC-WQ49 Cross-Site Scripting in seeftl

All versions of seeftl are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consider using a...

CVSS 6.1 · AI score 6.1 · EPSS 0.00752
Exploits: 1 · References: 3

Github Security Blog
added 2020/03/31 5:02 p.m. · 56 views

Cross-Site Scripting in http_server

All versions of http_server are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consider usi...

CVSS 7.5 · AI score 5.3 · EPSS 0.02509
Exploits: 0 · References: 5 · Affected Software: 1

CERT
added 2020/03/30 12:00 a.m. · 20 views

Versiant LYNX Customer Service Portal is vulnerable to stored cross-site scripting

Overview: The Versiant LYNX Customer Service Portal version 3.5.2 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript. Description: The Versiant LYNX Customer Service Portal (CSP) is a "full-service customer portal that provide...

CVSS 5.4 · AI score 5.2 · EPSS 0.0051
Exploits: 0 · References: 6

Hacker One
added 2020/03/29 8:20 p.m. · 18 views

Slack: XSS on link and window.opener

A vulnerability was found in Slack that allowed for cross-site scripting (XSS) attacks through a link and the window.opener property. This could lead to redirection to malicious sites or execution of JavaScript code. The impact of this vulnerability was potentially severe...

AI score 6.1
Exploits: 0

OSV
added 2020/03/27 1:15 p.m. · 20 views

CVE-2020-1771

An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to the missing parameter encoding. This issue affects: OTRS Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior...

CVSS 5.4 · AI score 6.7 · EPSS 0.00835
Exploits: 0 · References: 5

UbuntuCve
added 2020/03/27 1:15 p.m. · 19 views

CVE-2020-1771

An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to the missing parameter encoding. This issue affects: OTRS Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior...

CVSS 5.4 · AI score 6.3 · EPSS 0.00835
Exploits: 0 · References: 2

Positive Technologies
added 2020/03/27 12:00 a.m. · 3 views

PT-2020-15048 · Otrs +2 · Otrs +3

Name of the Vulnerable Software and Affected Versions: OTRS Community Edition versions 6.0.26 and prior; OTRS versions 7.0.15 and prior. Description: The issue allows an attacker to craft an article with a link to the customer address book containing malicious JavaScript content. When an agent open...

CVSS 9.8 · AI score 7.1 · EPSS 0.99019
Exploits: 18 · References: 148

NVD
added 2020/03/25 9:15 p.m. · 22 views

CVE-2020-9520

A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled...

CVSS 5.4 · AI score 5.3 · EPSS 0.00814
Exploits: 1 · References: 2

Hacker One
added 2020/03/02 12:18 p.m. · 182 views

Visma Bug Bounty Program: Stored XSS when uploading files to an invoice

I've found a stored XSS from the fileupload. The parameter fileID is vulnerable and will be stored to the page. Steps To Reproduce: Login. Navigate to one of your invoices. Upload some file and intercept the traffic. Once you see the JSON payload like this "id":"abcabccabcabc","name":"file-name" modi...

AI score 1.1
Exploits: 0

OSV
added 2020/03/02 5:15 a.m. · 3 views

CVE-2020-6798

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

CVSS 6.1 · AI score 7.8
Exploits: 0 · References: 9

Cvelist
added 2020/03/02 4:05 a.m. · 27 views

CVE-2020-6798

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

AI score 6.8 · EPSS 0.02056
Exploits: 0 · References: 9

RedHat Linux
added 2020/02/24 12:36 p.m. · 2 views

Mozilla: Incorrect parsing of template tag could result in JavaScript injection

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

CVSS 6.1 · AI score 7.2 · EPSS 0.02056
Exploits: 0 · References: 5

CNVD
added 2020/02/24 12:00 a.m. · 3 views

SAS Visual Analytics Cross-Site Scripting Vulnerability

SAS Visual Analytics is data visualization software that helps build and design interactive Web dashboards. A cross-site scripting vulnerability exists in the graph generator in SAS Visual Analytics 8.5. An attacker can exploit this vulnerability to execute malicious JavaScript in a user's browse...

CVSS 5.4 · AI score 6.4 · EPSS 0.00521
Exploits: 0 · References: 1

CNVD
added 2020/02/24 12:00 a.m. · 2 views

SOPlanning Cross-Site Scripting Vulnerability (CNVD-2020-13153)

SOPlanning is an online planning tool for efficiently organizing projects and tasks. A cross-site scripting vulnerability exists in SOPlanning 1.45. The vulnerability can be exploited to execute JavaScript code via the "Your SoPlanning url" field...

CVSS 5.4 · AI score 6.7 · EPSS 0.00531
Exploits: 1 · References: 1

ATTACKERKB
added 2020/02/22 12:00 a.m. · 22 views

CVE-2020-9339

SOPlanning 1.45 allows XSS via the Name or Comment to status.php. Recent assessments: horshark at March 09, 2020 8:38pm UTC reported: Recap: Javascript execution. Where: On the ip/www/status.php page, you can execute Javascript in the name and comment fields. Assessed Attacker Value: 2 Assessed...

CVSS 5.4 · AI score 4.8 · EPSS 0.00557
Exploits: 1 · References: 2

RedhatCVE
added 2020/02/11 10:44 p.m. · 39 views

CVE-2020-6798

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

CVSS 6.1 · AI score 3 · EPSS 0.02056
Exploits: 0 · References: 4

CVE
added 2020/02/02 2:06 p.m. · 89 views

CVE-2020-8514

CVE-2020-8514 concerns Rumpus 8.2.10 on macOS, where crafting a directory name can trigger a JavaScript payload in the web app after invoking the rename folder function, effectively a cross-site scripting issue in the web interface. The documents collectively indicate an XSS scenario in the Maxum...

CVSS 6.1 · AI score 6.2 · EPSS 0.00812
Exploits: 1 · References: 2 · Affected Software: 1

Prion
added 2020/01/23 9:15 p.m. · 19 views

Cross site scripting

An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site...

CVSS 3.5 · AI score 5.1 · EPSS 0.00802
Exploits: 0 · References: 4 · Affected Software: 1

CVE
added 2020/01/23 8:38 p.m. · 98 views

CVE-2020-7937

CVE-2020-7937 is an XSS vulnerability in the title field of Plone 5.0–5.2.1. The issue allows users with a certain privilege level to inject JavaScript that executes for other site visitors. The core vulnerability is in the title field handling, enabling stored or reflected XSS depending on conte...

CVSS 5.4 · AI score 5.1 · EPSS 0.00802
Exploits: 0 · References: 4 · Affected Software: 1