Design/Logic Flaw

An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...

CVE-2019-9752

An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...

CVE-2019-9752

An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...

DEBIAN-CVE-2019-9751

An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...

DEBIAN-CVE-2019-9752

An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...

CVE-2019-9751

An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...

CVE-2019-9751

The CVE-2019-9751 vulnerability affects Open Ticket Request System (OTRS). Affects OTRS 6.x prior to version 6.0.17 and 7.x prior to 7.0.5. The issue arises from Kernel/Output/Template/Document.pm, where an admin-user can manipulate the URL to cause JavaScript execution in the OTRS context. Impac...

CVE-2019-9752

An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...

The vulnerability of the web interface of the microprogramming software for Pelco cameras, models Sarix Enhanced and Spectra Enhanced, allows a intruder to execute any JavaScript code in the user’s browser.

The vulnerability of the web interfaces of Pelco Sarix Enhanced and Spectra Enhanced microprogramming systems lies in the insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser...

CICMS V2.1 18013 has xss vulnerability

CICMS system is developed by php+mysql, based on CodeIgniter, and is mainly used for enterprise building. CICMS V2.1 18013 has an xss vulnerability, which can be exploited by attackers to execute arbitrary JavaScript code...

PYSEC-2019-142

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

The vulnerability of Cisco WebEx Meeting software lies in the lack of security measures for the website structure, allowing attackers to execute arbitrary JavaScript scripts within the context of Cisco WebEx Meetings.

The vulnerability of Cisco WebEx Meetings software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a perpetrator to execute arbitrary JavaScript scripts within the context of Cisco WebEx Meetings...

CVE-2019-5780

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...

DEBIAN-CVE-2019-5780

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...

UBUNTU-CVE-2019-5780

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...

chromium-browser: Insufficient policy enforcement

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...

Cross site scripting

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVE-2019-7341

Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorLinkedMonitors' parameter value in the view monitor monitor.php because proper filtration is omitted...

CVE-2019-7343

Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorMethod' parameter value in the view monitor monitor.php because proper filtration is omitted...

Cross site scripting

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...