5935 matches found

OSV
added 2017/07/31 11:29 p.m. | 2 views

CVE-2017-11727

services/systemio/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution involving a ContactCommon field on victims who click on a crafted link, aka XSS...

CVSS 6.1 | AI score 6.2 | EPSS 0.01064
Exploits: 1 | References: 1

CNVD
added 2017/07/28 12:0 a.m. | 4 views

Roundcube Webmail Cross-Site Scripting Vulnerability (CNVD-2017-18573)

Roundcube Webmail is a browser-based IMAP mail client that supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail version 1.1.5. A remote attacker can exploit this vulnerability to execute JavaScript...

AI score 6.5
Exploits: 0 | References: 1

OSV
added 2017/07/17 1:18 p.m. | 2 views

CVE-2017-1000033

WordPress plugin Vospari Forms version 1.4 is vulnerable to reflected cross-site scripting in the form submission, resulting in JavaScript code execution in the context of the current user...

CVSS 6.1 | AI score 5.7 | EPSS 0.02145
Exploits: 1 | References: 2

OSV
added 2017/07/17 1:18 p.m. | 2 views

CVE-2017-1000038

WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site...

CVSS 6.1 | AI score 5.7 | EPSS 0.0106
Exploits: 1 | References: 1

NVD
added 2017/07/17 1:18 p.m. | 17 views

CVE-2017-1000033

WordPress plugin Vospari Forms version 1.4 is vulnerable to reflected cross-site scripting in the form submission, resulting in JavaScript code execution in the context of the current user...

CVSS 6.1 | AI score 6.3 | EPSS 0.02145
Exploits: 1 | References: 2

Prion
added 2017/07/17 1:18 p.m. | 14 views

Cross site scripting

WordPress plugin Vospari Forms version 1.4 is vulnerable to reflected cross-site scripting in the form submission, resulting in JavaScript code execution in the context of the current user...

CVSS 4.3 | AI score 6.3 | EPSS 0.02145
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2017/07/13 8:0 p.m. | 23 views

CVE-2017-1000033

WordPress plugin Vospari Forms version 1.4 is vulnerable to reflected cross-site scripting in the form submission, resulting in JavaScript code execution in the context of the current user...

AI score 6.3 | EPSS 0.02145
Exploits: 1 | References: 2

Symantec
added 2017/07/11 12:0 a.m. | 37 views

Microsoft SharePoint Server CVE-2017-8569 Remote Privilege Escalation Vulnerability

Description: Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected: Microso...

CVSS 6.5 | AI score 0.2 | EPSS 0.05377
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2017/06/27 12:0 a.m. | 2 views

A vulnerability in the web console of the Antivirus Kaspersky 8.0 anti-virus software allows JavaScript code to be passed to and executed by the client browser.

The vulnerability of the Antivirus Kaspersky 8.0 web console for Linux File Servers relates to the execution of scripts across sites. Exploiting this vulnerability allows a malicious actor to inject JavaScript code through a specially crafted GET request, with the JavaScript code specified in the...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1 | Affected Software: 1

Hacker One
added 2017/06/25 3:46 p.m. | 18 views

Mail.ru: XSS bypass Script execute, Read any file, execute any javascript code--UXSS

Mail attachment XSS bypass vulnerability--UXSS Vulnerability impact: Mail.Ru Mail for iOS MyMail for iOS explain: Mail app supports HTML attachments, however, cannot execute JavaScript. For example alert/xss/ These statements cannot be executed in the HTML attachments...LOL However, the addition ...

AI score 6.3
Exploits: 0

CNVD
added 2017/06/22 12:0 a.m. | 6 views

Rapid7 Metasploit Editions Cross-Site Scripting Vulnerability

Rapid7 Metasploit is an open source security vulnerability detection tool from Rapid7, Inc. Metasploit Express, Community and Pro are different versions. A cross-site request forgery vulnerability exists in Rapid7 Metasploit Express, Community, and Pro, which stems from the program failing to...

CVSS 3.5 | AI score 6.8 | EPSS 0.00716
Exploits: 1 | References: 1

Hacker One
added 2017/06/19 3:6 p.m. | 29 views

Gratipay: CSP Policy Bypass and javascript execution Still Not Fixed

Summary: Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSP provides a standard method for website owners to...

AI score 0.2
Exploits: 0

Hacker One
added 2017/06/18 4:12 p.m. | 274 views

Gratipay: CSP Policy Bypass and javascript execution

Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSP provides a standard method for website owners to declare...

AI score 0.6
Exploits: 0

Fortinet
added 2017/06/15 12:0 a.m. | 24 views

FortiOS XSS vulnerabilities via User Groups & Config Revision Comments

Two XSS vulnerabilities affecting FortiOS were reported to us; they can be exploited to load and run remote malicious JavaScript in a logged-in browser...

CVSS 3.5 | AI score 2.2 | EPSS 0.00787
Exploits: 0 | Affected Software: 1

Symantec
added 2017/06/13 12:0 a.m. | 48 views

Microsoft SharePoint Server CVE-2017-8551 Remote Privilege Escalation Vulnerability

Description: Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected: Microso...

CVSS 4.3 | AI score 0.4 | EPSS 0.03263
Exploits: 1 | Affected Software: 1

OPENSUSE Linux
added 2017/06/08 12:9 a.m. | 39 views

Security update for chromium (important)

This update to Chromium 59.0.3071.86 fixes the following security issues:
- CVE-2017-5070: Type confusion in V8
- CVE-2017-5071: Out of bounds read in V8
- CVE-2017-5072: Address spoofing in Omnibox
- CVE-2017-5073: Use after free in print preview
- CVE-2017-5074: Use after free in Apps Bluetooth...

AI score 0.6 | EPSS 0.31212
Exploits: 1 | References: 1

OpenVAS
added 2017/06/08 12:0 a.m. | 34 views

openSUSE: Security Advisory for chromium (openSUSE-SU-2017:1502-1)

The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 7.2 | EPSS 0.31212
Exploits: 1 | References: 3

OSV
added 2017/06/07 4:57 p.m. | 6 views

OPENSUSE-SU-2017:1502-1 Security update for chromium

This update to Chromium 59.0.3071.86 fixes the following security issues:
- CVE-2017-5070: Type confusion in V8
- CVE-2017-5071: Out of bounds read in V8
- CVE-2017-5072: Address spoofing in Omnibox
- CVE-2017-5073: Use after free in print preview
- CVE-2017-5074: Use after free in Apps Bluetooth...

CVSS 8.8 | AI score 6.8 | EPSS 0.31212
Exploits: 1 | References: 18

Veracode
added 2017/06/07 7:14 a.m. | 20 views

Cross-site Scripting (XSS)

Moodle is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript by uploading a zip file through the assignment submission function. This results in text and HTML being rendered during a "download all" action...

CVSS 3.5 | AI score 5.4 | EPSS 0.00795
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2017/06/07 12:0 a.m. | 3 views

Google Chrome WebUI Page JavaScript Code Execution Vulnerability

Google Chrome is a web browser developed by Google, Inc. WebUI pages are a graphical user interface. A JavaScript code execution vulnerability exists in WebUI pages in versions of Google Chrome prior to 59.0.3071.86. An attacker can exploit this vulnerability to execute JavaScript code...

CVSS 6.1 | AI score 7.5 | EPSS 0.01064
Exploits: 0 | References: 1