The vulnerability of the CDVInAppBrowser class in Cordova In-App-Browser extensions allows a hacker to elevate their privileges and execute arbitrary JavaScript code.

The vulnerability of the CDVInAppBrowser extension in Cordova In-App-Browsers is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and enhance their privileges through specially crafted URIs...

CVE-2017-14522

In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...

CVE-2017-14522

In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...

PT-2018-5678 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 2.3.1 Description: The application's input fields accept arbitrary user input, resulting in the execution of malicious JavaScript. It is noted that the vendor disputes this issue, stating it is a feature that enables only a...

PT-2018-5948 · Ibm · Ibm Doors Web Access

Name of the Vulnerable Software and Affected Versions: IBM Doors Web Access versions 9.5 through 9.6 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

WordPress Soundy Audio Playlist Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers.Soundy Audio Playlist plugin is an audio playlist component used in ... A cross-site scripting vulnerability exists in WordPress Soun...

Cross site scripting

An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...

UBUNTU-CVE-2017-12098

An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...

Sulu-standard cross-site scripting vulnerability

Sulu-standard is an open source CMS Content Management System based on the Symfony PHP framework of the standard version . A cross-site scripting vulnerability exists in the page used to create pages in Sulu-standard version 1.6.6. A remote attacker could exploit this vulnerability to cause a...

Cross site scripting

Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code...

CVE-2017-1000482

A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...

Mozilla: JavaScript Execution via RSS in mailbox:// origin

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

Cross-site Scripting (XSS)

Apache Deltaspike is vulnerable to cross-site scripting XSS. The application does not properly escape the windowId variable, allowing a malicious user to inject and execute arbitrary Javascript. The impact is limited because the size of the variable is cut off after 10 characters...

LavaLite Cross-Site Scripting Vulnerability

LavaLite is an open source lightweight CMS content management system. A cross-site scripting vulnerability exists in the log creation page in LavaLite version 5.2.4. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScrpt code...

BookStack Cross-Site Scripting Vulnerability

BookStack is a set of open source using PHP and Laravel to build wiki documentation platform. A cross-site scripting vulnerability exists in BookStack version 0.18.4. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScript code...

Information disclosure

When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'camefrom' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafte...

PYSEC-2018-71

A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...

PYSEC-2018-71

A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...

CVE-2017-1000482

A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...

CVE-2017-1000482

A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...