Lucene search
5941 matches found

Hacker One
added 2019/07/17 6:17 a.m., 15 views

GitLab: Stored XSS in "Create Groups"

NOTE! Thanks for submitting a report! Please replace all the parenthesized sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary Stored attacks are those...

AI score: 0.4
Exploits: 0
Cvelist
added 2019/07/15 1:54 a.m., 24 views

CVE-2019-1010008

OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting XSS. The impact is: Theoretically low, but might potentially enable persistent XSS user could embed mal. code. The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "M...

AI score: 5.5, EPSS: 0.00897
Exploits: 1, References: 1
Prion
added 2019/07/11 8:15 p.m., 10 views

Cross site scripting

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting XSS. The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...

CVSS: 4.3, AI score: 6.1, EPSS: 0.0084
Exploits: 0, References: 1, Affected Software: 1
CNVD
added 2019/07/09 12:0 a.m., 4 views

Open Ticket Request System Code Injection Vulnerability

Open Ticket Request System OTRS is an open source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the service...

CVSS: 4.9, AI score: 7.4, EPSS: 0.00816
Exploits: 0, References: 1
BDU FSTEC
added 2019/07/04 12:0 a.m., 2 views

The vulnerability in the platform for creating a unified database and electronic registration of residential properties, “BAR.- ”, is related to insufficient protection of the website structure, allowing a perpetrator to execute arbitrary JavaScript code.

The vulnerability in the platform for creating a unified database and electronic registration of residential properties, “BAR.- ”, is related to insufficient protection of the website’s structure. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary JavaScrip...

CVSS: 8.3, AI score: 5.9
Exploits: 0, Affected Software: 1
Node.js
added 2019/07/03 2:41 p.m., 13 views

Cross-Site Scripting

Overview Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting XSS. The package insufficiently sanitizes user input when creating links, and concatenates the user input in an <a> tag. This allows attackers to create malicious links with JSON payloads such as: "foo":...

AI score: 6.4
Exploits: 0, Affected Software: 1
Node.js
added 2019/07/02 9:11 p.m., 16 views

Cross-Site Scripting

Overview All versions of bleach are vulnerable to Cross-Site Scripting. It is possible to bypass the package's HTML sanitization with payloads such as "scriptalert'xss';script" regardless of the passed options. This may allow attackers to execute arbitrary JavaScript in the victim's browser...

AI score: 7.2
Exploits: 0, Affected Software: 1
OSV
added 2019/06/30 2:15 a.m., 2 views

DEBIAN-CVE-2019-13072

Stored XSS in the Filters page Name field in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page...

CVSS: 5.4, AI score: 7.1, EPSS: 0.00863
Exploits: 1, References: 1
Cvelist
added 2019/06/30 1:3 a.m., 27 views

CVE-2019-13072

Stored XSS in the Filters page Name field in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page...

AI score: 5.3, EPSS: 0.00863
Exploits: 1, References: 2
Node.js
added 2019/06/26 2:54 p.m., 25 views

Cross-Site Scripting

Overview All versions of eco are vulnerable to Cross-Site Scripting XSS. The package's default escape implementation fails to escape single quotes, which may allow attackers to execute arbitrary JavaScript on the victim's browser. Recommendation No fix is currently available. Consider using an...

AI score: 6.7
Exploits: 0, Affected Software: 1
Prion
added 2019/06/24 7:15 p.m., 19 views

Cross site scripting

Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...

CVSS: 3.5, AI score: 5.6, EPSS: 0.00821
Exploits: 1, References: 1, Affected Software: 1
BDU FSTEC
added 2019/06/21 12:0 a.m., 12 views

The vulnerability of the web access module of the DIRECTUM electronic document management system allows a perpetrator to execute arbitrary JavaScript code.

The vulnerability of the web access module of the DIRECTUM electronic document management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

CVSS: 7.8, AI score: 5.9
Exploits: 0, Affected Software: 1
OSV
added 2019/06/19 5:15 p.m., 2 views

CVE-2019-11649

Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploite...

CVSS: 5.4, AI score: 6.1
Exploits: 0, References: 1
Node.js
added 2019/06/18 11:36 p.m., 11 views

Cross-Site Scripting

Overview Versions of serve prior to 10.0.2 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation Upgrade to version 10.0.2 o...

AI score: 6.7
Exploits: 0, Affected Software: 1
Node.js
added 2019/06/17 9:49 p.m., 20 views

Cross-Site Scripting

Overview Versions of diagram-js-direct-editing prior to 1.4.3 are vulnerable to Cross-Site Scripting. The package fails to sanitize input from the clipboard, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.4.3 or later. References -...

AI score: 7.3
Exploits: 0, Affected Software: 1
CNVD
added 2019/06/11 12:0 a.m., 1 views

Cloud Classroom online school system suffers from override access, xss vulnerability

Cloud Classroom is the online education system of Beijing Yuxin Technology Co. Cloud Classroom online school system suffers from an override access, xss vulnerability, which can be exploited by attackers to modify other user profiles and execute js code on the browser...

AI score: 7.4
Exploits: 0
OSV
added 2019/06/05 4:29 p.m., 2 views

CVE-2019-9673

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

CVSS: 8.8, AI score: 7.5, EPSS: 0.03983
Exploits: 1, References: 3
NVD
added 2019/06/05 4:29 p.m., 12 views

CVE-2019-9673

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

CVSS: 8.8, AI score: 8.5, EPSS: 0.03983
Exploits: 1, References: 3
Prion
added 2019/06/05 4:29 p.m., 11 views

Design/Logic Flaw

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

CVSS: 6.8, AI score: 8.4, EPSS: 0.03983
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2019/06/05 3:40 p.m., 57 views

CVE-2019-9673

Freenet 1483 is affected by a MIME-type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI. The root cause is improper MIME-type handling, enabling code execution without user interaction. NVD lists CVSS v2 base score 6.8 (Network, Medium complexity) and CVSS v3 base scor...

CVSS: 8.8, AI score: 8.4, EPSS: 0.03983
Exploits: 1, References: 3, Affected Software: 1