5936 matches found

OSV
added 2018/03/18 6:29 a.m. | 23 views

CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

CVSS 7.8 | AI score 7.1
Exploits: 0 | References: 2

OSV
added 2018/03/18 6:29 a.m. | 0 views

UBUNTU-CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

CVSS 7.8 | AI score 7.2 | EPSS 0.011
Exploits: 0 | References: 6

CVE
added 2018/03/18 6:0 a.m. | 109 views

CVE-2018-8768

CVE-2018-8768 affects Jupyter Notebook up to version 5.4.1. A maliciously forged notebook can bypass sanitization, allowing JavaScript execution in the notebook context due to how invalid HTML is fixed by jQuery after sanitization (XSS risk). The issue is documented in multiple advisories (Debian...

CVSS 7.8 | AI score 6 | EPSS 0.011
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2018/03/18 6:0 a.m. | 21 views

CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

CVSS 7.8 | AI score 7.6 | EPSS 0.011
Exploits: 0

CNVD
added 2018/03/15 12:0 a.m. | 3 views

ClusterLabs pcs Cross-Site Scripting Vulnerability

ClusterLabs pcs is a command line tool for configuring Pacemaker. A cross-site scripting vulnerability exists in versions of ClusterLabs pcs prior to 0.9.157 that stems from the program failing to properly validate the Node name field. An attacker can exploit the vulnerability to run JavaScript...

CVSS 6.1 | AI score 6.3 | EPSS 0.01218
Exploits: 0 | References: 1

GitHub Security Blog
added 2018/03/13 8:38 p.m. | 73 views

pym.js CSRF Vulnerability

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contain a Cross Site Request Forgery (CSRF) vulnerability in the Pym.js onNavigateToMessage function (https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573) that can result in arbitrary JavaScript code execution. This attack appears to be...

CVSS 8.8 | AI score 8.8 | EPSS 0.0104
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2018/03/13 3:29 p.m. | 30 views

CVE-2018-1000086

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contain a Cross Site Request Forgery (CSRF) vulnerability in the Pym.js onNavigateToMessage function (https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573) that can result in arbitrary JavaScript code execution. This attack appears to be...

CVSS 8.8 | AI score 9 | EPSS 0.0104
Exploits: 0 | References: 3

Veracode
added 2018/03/07 5:6 a.m. | 7 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting (XSS) attacks. The application does not sanitize the MenuItem variable, allowing a malicious user to inject and execute arbitrary JavaScript...

AI score 6.1
Exploits: 0

HackerOne
added 2018/02/28 7:28 a.m. | 86 views

Grab: [growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite

Hi, An encoded injection in the q parameter on my.html can be used to reflect JavaScript in the growth.grab.com context. This microsite creates a "Grab's Valentine" card for a driver over the past year, and carries its data in Base64 format. Proof of concept Please visit the following URL, scroll...

Exploits: 0

CNVD
added 2018/02/26 12:0 a.m. | 3 views

Mautic Cross-Site Scripting Vulnerability

Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in Company name in Mautic 2.11.0 and earlier versions. A remote attacker can exploit this vulnerability to...

CVSS 6.1 | AI score 6.4 | EPSS 0.01107
Exploits: 1 | References: 1

CNVD
added 2018/02/26 12:0 a.m. | 1 view

Invoice Plane Cross-Site Scripting Vulnerability (CNVD-2018-04555)

InvoicePlane is an open source financial system. The system has features to manage quotes, invoices and payments. A cross-site scripting vulnerability exists in the client email field in InvoicePlane 1.5.4 and prior versions. A remote attacker can exploit this vulnerability to execute JavaScript...

CVSS 6.1 | AI score 6.6 | EPSS 0.01059
Exploits: 0 | References: 1

CNVD
added 2018/02/26 12:0 a.m. | 3 views

Dolibarr cross-site scripting vulnerability (CNVD-2018-04561)

Dolibarr is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, etc. Product details is one of its modules. A cross-site scriptin...

CVSS 5.4 | AI score 6.5 | EPSS 0.00921
Exploits: 1 | References: 1

BDU FSTEC
added 2018/02/21 12:0 a.m. | 4 views

The vulnerability in the Kaspersky Security Center 10 web console allows a malicious individual to gain access to the software’s functions and execute arbitrary JavaScript code on the client side.

The vulnerability in Kaspersky Security Center 10 exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability can allow a malicious actor to gain access to software functions and execute arbitrary JavaScript code on the client side using a specially...

CVSS 6.4 | AI score 5.9
Exploits: 0 | References: 3

Prion
added 2018/02/20 3:29 p.m. | 16 views

Cross site scripting

Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...

CVSS 4.3 | AI score 6 | EPSS 0.02273
Exploits: 5 | References: 2 | Affected Software: 1

NVD
added 2018/02/20 3:29 p.m. | 26 views

CVE-2017-16356

Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.02273
Exploits: 5 | References: 2

Cvelist
added 2018/02/20 3:0 p.m. | 29 views

CVE-2017-16356

Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...

AI score 6 | EPSS 0.02273
Exploits: 5 | References: 2

Packet Storm
added 2018/02/16 12:0 a.m. | 52 views

F-Secure Radar Cross Site Scripting

F-Secure Radar Persistent Cross-Site Scripting Vulnerability CVE-2018-6189 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6189 Summary The application can suggest metadata tags for assets, and in doing so it can execute JavaScript entered previously by a malicious user. Vendor Description...

AI score 6.6 | EPSS 0.00984
Exploits: 1

OSV
added 2018/02/09 11:29 p.m. | 1 view

UBUNTU-CVE-2017-1000509

Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of JavaScript code...

CVSS 5.4 | AI score 6.2 | EPSS 0.00921
Exploits: 1 | References: 3

CVE
added 2018/02/09 11:0 p.m. | 53 views

CVE-2017-1000507

Canvs Canvas 3.4.2 is affected by a Cross Site Scripting (XSS) vulnerability in User’s details. The provided connected documents identify the issue but do not specify root cause details, affected subcomponents beyond the User’s details, exploit status, or a confirmed patch version. Potential impa...

CVSS 5.4 | AI score 5.5 | EPSS 0.00785
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2018/02/09 5:29 p.m. | 1 view

CVE-2018-1401

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437...

CVSS 6.1 | AI score 5.4 | EPSS 0.01098
Exploits: 0 | References: 4