357 matches found
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...
Dolibarr ERP/CRM Cross-Site Request Forgery Vulnerability
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site request forgery vulnerability exists in Dolibarr...
CVE-2019-1010054
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allows malicious HTML to change a user's password, disable users and disable password encryption. The component is: Function User password change, user disable and password encryption. The attack vector is: admin access...
CVE-2019-12153
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content...
Stored Cross-site Scripting (XSS)
github.com/go-gitea/gitea is vulnerable to stored cross-site scripting (XSS). It does not escape the description in the DescriptionHTML function, allowing an attacker to inject malicious HTML through it...
CVE-2018-18940
servlet/SnoopServlet, a servlet installed by default in Netscape Enterprise 3.63, has reflected XSS via an arbitrary parameter=XSS in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web...
Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Cross-Site Request Forgery (CSRF)
tribalsystems/zenario is vulnerable to cross-site request forgery (CSRF). The application does not verify the authenticity of a request to admin/organizer.ajax.php?path=zenariocontent%2Fpanels%2Fcontent, which allows an attacker to submit a request on behalf of the victim when the victim visits a...
CVE-2017-7908
A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls...
Cross site scripting
Dell EMC Unity and UnityVSA contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the...
Cross-site scripting vulnerability in multiple IBM products (CNVD-2018-24625)
IBM Rational Collaborative Lifecycle Management (CLM) is a set of collaborative lifecycle management solutions. Rational Quality Manager (RQM) is a set of collaborative, web-based quality management solutions. IBM Rational Collaborative Lifecycle Management (CLM) is a collaborative lifecycle management...
Path traversal
A path traversal exists in markdown-pdf version 9.0.0 that allows a user to insert malicious HTML code that can result in reading local files...
CVE-2018-3770
A path traversal exists in markdown-pdf version 9.0.0 that allows a user to insert malicious HTML code that can result in reading local files...
PT-2018-16188 · Npm · Markdown-Pdf
Name of the Vulnerable Software and Affected Versions: markdown-pdf versions prior to 9.0.0 Description: A path traversal issue in markdown-pdf allows users to insert malicious HTML code, potentially resulting in the reading of local files. The package fails to sanitize HTML code in markdown file...
CVE-2018-3748
There is a Stored XSS vulnerability in the glance node module versions element that allows executing JavaScript code against any user who opens a directory listing containing such a crafted file name...
Cross site scripting
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator into supplying malicious HTML or...
ShopNx Arbitrary File Upload Vulnerability
ShopNx is a single page application for shopping websites created with AngularJS, NodeJS and MongoDB. A security vulnerability exists in ShopNx 2017-11-17 and prior versions that stems from the program failing to adequately filter user-submitted input. A remote attacker can exploit the...
Node.js third-party modules: [markdown-pdf] Local file reading
I would like to report local file reading in markdown-pdf. It allows inserting malicious HTML code, which allows reading local files. Module module name: markdown-pdf version: 8.1.1 npm page: https://www.npmjs.com/package/markdown-pdf Module Description Node module that converts Markdown fil...
CVE-2017-12126
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability...