5940 matches found

BDU FSTEC
added 2019/04/04 12:0 a.m. · 3 views

The vulnerability of the Expedition Migration tool, which exists due to the lack of measures taken to protect the website structure, allows a hacker to execute arbitrary JavaScript or HTML code.

The vulnerability of the Network Configuration Transfer tool exists because no measures have been taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript or HTML code remotely...

CVSS 4.8 · AI score 6 · EPSS 0.01083
Exploits 1 · References 4 · Affected Software 1

OSV
added 2019/04/01 9:30 p.m. · 2 views

CVE-2019-5514

VMware VMware Fusion 11.x before 11.0.3 contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware...

CVSS 8.8 · AI score 7.4 · EPSS 0.03484
Exploits 0 · References 3

Carbon Black Blog
added 2019/04/01 3:23 p.m. · 137 views

CB TAU Threat Intelligence Notification – Recent Emotet Campaign Leverages Phishing, PDFs & Droppers Impersonating Legitimate Applications

This past week, CB ThreatSight analysts were investigating suspicious events in an environment. This customer had installed the CB Defense sensor on a subset of systems in monitor only mode for evaluation. While investigating suspicious events, a CB ThreatSight analyst uncovered a new Emotet...

AI score 0.7
Exploits 0

CNVD
added 2019/04/01 12:0 a.m. · 2 views

Apache JSPWiki Cross-Site Scripting Vulnerability

Apache JSPWiki is an open source WikiWiki engine from the Apache Software Foundation (U.S.), built on Java, Servlet and JSP. A security vulnerability exists in Apache JSPWiki versions 2.9.0 through 2.11.0.M2. The vulnerability can be exploited by an attacker to execute JavaScript code...

CVSS 6.1 · AI score 7.2 · EPSS 0.0515
Exploits 0 · References 1

OSV
added 2019/03/30 3:29 a.m. · 11 views

CVE-2019-10646

Wolf CMS v0.8.3.1 is affected by cross site scripting XSS in the module Add Snippet /?/admin/snippet/add. This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded...

CVSS 6.1 · AI score 5.9
Exploits 0 · References 1

Cvelist
added 2019/03/29 2:6 p.m. · 28 views

CVE-2019-9919

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS...

CVSS 5.4 · AI score 5.5 · EPSS 0.00678
Exploits 0 · References 2

Positive Technologies
added 2019/03/29 12:0 a.m. · 6 views

PT-2019-19935 · Joomla · Harmis Je Messenger

Name of the Vulnerable Software and Affected Versions: Harmis JE Messenger component version 1.2.2 Description: An issue was discovered in the Harmis JE Messenger component for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when...

CVSS 5.4 · AI score 5.5 · EPSS 0.00678
Exploits 0 · References 3

UbuntuCve
added 2019/03/28 9:29 p.m. · 21 views

CVE-2019-0224

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser...

CVSS 6.1 · AI score 6.5 · EPSS 0.0515
Exploits 0 · References 1

CVE
added 2019/03/28 9:0 p.m. · 85 views

CVE-2019-0224

CVE-2019-0224 affects Apache JSPWiki versions 2.9.0 to 2.11.0.M2. The vulnerability allows a crafted URL to execute JavaScript in the user’s own browser session. The provided sources describe the impact as client-side (no server/database writes and no cross-user script execution stated). The exac...

CVSS 6.1 · AI score 6.2 · EPSS 0.0515
Exploits 0 · References 5 · Affected Software 1

OSV
added 2019/03/26 11:29 p.m. · 3 views

CVE-2019-1571

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings...

CVSS 4.8 · AI score 5.9 · EPSS 0.01083
Exploits 1 · References 3

CNVD
added 2019/03/25 12:0 a.m. · 3 views

PHP League CommonMark library cross-site scripting vulnerability

PHP League CommonMark library is a PHP-based Markdown parser from the Extraordinary Packages consortium. A cross-site scripting vulnerability exists in PHP League CommonMark library versions prior to 0.18.3, which stems from the program failing to properly escape double-encoded HTML entities. A...

CVSS 6.1 · AI score 6.5 · EPSS 0.0105
Exploits 1 · References 1

CNVD
added 2019/03/25 12:0 a.m. · 3 views

WordPress font-organizer plugin cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports personal blog sites on servers running PHP and MySQL. WordPress Donation Plugin and Fundraising Platform is a plugin.... A cross-site scripting vulnerability exists in the WordPress font-organize...

CVSS 6.1 · AI score 6.3 · EPSS 0.0142
Exploits 1 · References 1

CNVD
added 2019/03/25 12:0 a.m. · 1 views

WordPress Donation Plugin and Fundraising Platform Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports personal blog sites on servers running PHP and MySQL. WordPress Donation Plugin and Fundraising Platform is a plugin.... A cross-site scripting vulnerability exists in the WordPress Donation Plug...

CVSS 6.1 · AI score 6.3 · EPSS 0.0142
Exploits 1 · References 1

NVD
added 2019/03/21 4:0 p.m. · 30 views

CVE-2018-12638

An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...

CVSS 6.1 · AI score 6.4 · EPSS 0.01058
Exploits 2 · References 2

OSV
added 2019/03/21 4:0 p.m. · 2 views

CVE-2018-12638

An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...

CVSS 6.1 · AI score 5.8 · EPSS 0.01058
Exploits 2 · References 2

Cvelist
added 2019/03/17 6:27 p.m. · 33 views

CVE-2018-12638

An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...

AI score 6.4 · EPSS 0.01058
Exploits 2 · References 2

CVE
added 2019/03/17 6:27 p.m. · 39 views

CVE-2018-12638

The CVE-2018-12638 entry concerns Bose Soundtouch for iOS version 18.1.4 where there is no frontend input validation of the device name. The underlying cause is reflected in multiple sources as a Cross‑Site Scripting risk: a malicious device name can cause JavaScript to execute in the registered ...

CVSS 6.1 · AI score 6.3 · EPSS 0.01058
Exploits 2 · References 2 · Affected Software 1

UbuntuCve
added 2019/03/13 10:29 p.m. · 18 views

CVE-2019-9751

An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...

CVSS 4.8 · AI score 6.1 · EPSS 0.00827
Exploits 0 · References 2

NVD
added 2019/03/13 10:29 p.m. · 22 views

CVE-2019-9752

An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...

CVSS 5.4 · AI score 6.1 · EPSS 0.01074
Exploits 0 · References 5

NVD
added 2019/03/13 10:29 p.m. · 24 views

CVE-2019-9751

An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...

CVSS 4.8 · AI score 5 · EPSS 0.00827
Exploits 0 · References 1