5941 matches found
CVE-2019-19329
CVE-2019-19329 affects the Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT (2019-11-07). The vulnerability is a cross-site scripting (XSS) flaw where arbitrary JavaScript could execute when mathematical expressions in results are rendered directly. The underlying cause is inadequate h...
CVE-2019-19206
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...
IBM Case Manager CVE-2019-4426 Cross Site Scripting Vulnerability
Description: IBM Case Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
IBM WebSphere eXtreme Scale Admin API Cross-Site Scripting Vulnerability
IBM WebSphere eXtreme Scale is a distributed caching solution from IBM in the United States. The product supports dynamic caching, partitioning, replication, and management of application data and business logic across multiple servers. Admin API is one of the management API Application Programmin...
Apache Atlas CVE-2019-10070 HTML Injection Vulnerability
Description: Apache Atlas is prone to an HTML injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
Design/Logic Flaw
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration...
CVE-2019-18949
SnowHaze vulnerable to unintended JavaScript execution before 2.6.6 due to a delay in honoring per-site JavaScript blocking during a chain of webpage redirections. Affected: SnowHaze prior to 2.6.6. Root cause: failure to timely apply per-site JS blocking settings under redirection sequences. Imp...
CVE-2019-18949
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration...
Cross-site Scripting in Grav
Grav through 1.6.15 allows Stored Cross-Site Scripting due to JavaScript execution in SVG images...
CVE-2019-13081
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the title field in the /common/ticketassociatedtickets.php service desk ticket functionality that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser...
Design/Logic Flaw
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via an SVG image and HTML file that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser...
About the security content of Shazam iOS App Version 12.11.0 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
Redhat Quay CVE-2019-3865 HTML Injection Vulnerability
Description: Redhat Quay is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-bas...
CVE-2019-18654
A Cross Site Scripting (XSS) issue exists in AVG AntiVirus Internet Security Edition 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name...
CVE-2019-18653
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus Free, Internet Security, and Premiere Edition 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name...
Cross-Site Scripting (XSS)
apache-airflow is vulnerable to cross-site scripting (XSS). An administrative user is able to edit the state of objects in the metadata database to contain malicious JavaScript, which will execute in a victim's browser when rendered. This vulnerability also allows reading of arbitrary files permitte...
Arbitrary file deletion
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
CVE-2019-12417
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
Google Chrome Code Injection Vulnerability
Google Chrome is a web browser from Google, an American company. A code injection vulnerability exists in versions of Google Chrome prior to 78.0.3904.70, which stems from the program not performing proper input validation when processing CSS files. An attacker can exploit the vulnerability to...
GHSA-3RX2-X6MX-GRJ3 Cross-site scripting in Apache JSPWiki
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the...