357 matches found

OSV
added 2020/05/04 7:15 p.m. | 2 views

CVE-2020-5334

RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM...

CVSS 6.1 | AI score 6.4 | EPSS 0.00862
Exploits: 0 | References: 1

BDU FSTEC
added 2020/04/27 12:0 a.m. | 3 views

The vulnerability of Google Chrome’s browser-based music acquisition mechanism allows attackers to gain unauthorized access to confidential data, cause service interruptions, and compromise data integrity.

The vulnerability of Google Chrome’s browser-music acquisition mechanism is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data, cause service failures, and compromise data integrity through the...

CVSS 9.3 | AI score 7.3 | EPSS 0.15537
Exploits: 0 | References: 10 | Affected Software: 5

OSV
added 2020/04/15 8:15 p.m. | 1 view

DEBIAN-CVE-2019-12520

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo...

CVSS 7.5 | AI score 6.7 | EPSS 0.03935
Exploits: 0 | References: 1

BDU FSTEC
added 2020/04/14 12:0 a.m. | 2 views

The vulnerability of the Omnibox mechanism in the Google Chrome browser, related to the lack of a mechanism for checking entered data, allows a perpetrator to compromise the integrity of the data.

The vulnerability of the Omnibox mechanism in the Google Chrome browser is related to the lack of a mechanism for verifying the entered data. Exploiting this vulnerability allows an attacker to manipulate the integrity of data by creating a malicious HTML page...

CVSS 7.1 | AI score 7 | EPSS 0.0136
Exploits: 0 | References: 11 | Affected Software: 5

BDU FSTEC
added 2020/04/13 12:0 a.m. | 2 views

The vulnerability of Google Chrome’s mechanism for processing external browser protocols lies in the lack of a mechanism for checking entered data. This allows attackers to compromise the integrity of the data.

The vulnerability of Google Chrome’s mechanism for processing external browser protocols is related to the lack of a mechanism for checking entered data. Exploiting this vulnerability allows an attacker to influence the integrity of data by creating a malicious HTML page...

CVSS 7.1 | AI score 7 | EPSS 0.01277
Exploits: 0 | References: 13 | Affected Software: 5

Veracode
added 2020/04/10 12:58 a.m. | 45 views

Arbitrary Code Execution

thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

CVSS 10 | AI score 2.9 | EPSS 0.05459
Exploits: 1 | References: 26 | Affected Software: 4

Veracode
added 2020/04/10 12:48 a.m. | 50 views

Arbitrary Code Execution

thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running...

CVSS 9.3 | AI score 3.1 | EPSS 0.0455
Exploits: 0 | References: 30 | Affected Software: 5

CNVD
added 2020/03/24 12:0 a.m. | 2 views

ZOHO ManageEngine Desktop Central Code Execution Vulnerability

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A security...

CVSS 6.1 | AI score 7.7 | EPSS 0.03196
Exploits: 1

OSV
added 2020/03/19 2:15 p.m. | 34 views

CVE-2019-19336

A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the...

CVSS 6.1 | AI score 5.8 | EPSS 0.00941
Exploits: 0 | References: 1

NVD
added 2020/03/19 2:15 p.m. | 39 views

CVE-2019-19336

A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the...

CVSS 6.1 | AI score 5.3 | EPSS 0.00941
Exploits: 0 | References: 1

Prion
added 2020/02/17 8:15 p.m. | 18 views

Cross site scripting

SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms buil...

CVSS 4.3 | AI score 5.8 | EPSS 0.00685
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2020/01/13 7:9 a.m. | 33 views

CVE-2019-19336

A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session...

CVSS 6.1 | AI score 1.7 | EPSS 0.00941
Exploits: 0 | References: 3

NVD
added 2019/12/26 9:15 p.m. | 11 views

CVE-2013-4318

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

CVSS 5.4 | AI score 5.6 | EPSS 0.0081
Exploits: 1 | References: 2

Prion
added 2019/12/26 9:15 p.m. | 11 views

Design/Logic Flaw

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

CVSS 3.5 | AI score 7.4 | EPSS 0.0081
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2019/12/26 8:49 p.m. | 15 views

CVE-2013-4318

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

AI score 5.6 | EPSS 0.0081
Exploits: 1 | References: 2

CVE
added 2019/12/26 8:49 p.m. | 97 views

CVE-2013-4318

CVE-2013-4318 affects the Ruby Gems Features package (Ruby Features 0.3.0). The issue is a file handling flaw where input submitted to /tmp/out.html is not properly validated, enabling a local cross-site scripting (XSS) attack. Some sources describe the risk as a local XSS, while others reference...

CVSS 5.4 | AI score 5.5 | EPSS 0.0081
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2019/10/30 9:15 p.m. | 24 views

CVE-2019-17324

ClipSoft REXPERT 1.0.0.527 and earlier versions allow directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to the creation of a malicious HTML file, because an attacker can inject content with a crafted template. User interaction is required to exploit this vulnerability ...

CVSS 6.5 | AI score 6.3 | EPSS 0.01212
Exploits: 0 | References: 1

Prion
added 2019/10/30 9:15 p.m. | 16 views

Directory traversal

ClipSoft REXPERT 1.0.0.527 and earlier versions allow directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to the creation of a malicious HTML file, because an attacker can inject content with a crafted template. User interaction is required to exploit this vulnerability ...

CVSS 4.3 | AI score 6.3 | EPSS 0.01212
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/10/30 8:52 p.m. | 17 views

CVE-2019-17324

ClipSoft REXPERT 1.0.0.527 and earlier versions allow directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to the creation of a malicious HTML file, because an attacker can inject content with a crafted template. User interaction is required to exploit this vulnerability ...

AI score 6.3 | EPSS 0.01212
Exploits: 0 | References: 1

Prion
added 2019/09/11 8:15 p.m. | 16 views

Cross site scripting

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicio...

CVSS 3.5 | AI score 5 | EPSS 0.00785
Exploits: 0 | References: 1 | Affected Software: 2