2165 matches found
CVE-2020-20269
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22...
SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2021-03700)
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and deploy...
Cross site scripting
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject a malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by a user who views the relevant application content, which leads to Stored...
MTN Group: Reflected XSS on mtnhottseat.mtn.com.gh
hello dear I have found Reflected XSS on mtnhottseat.mtn.com.gh parameters injectable /api/v2/subscribe/; my payload " URL: https://mtnhottseat.mtn.com.gh/api/v2/subscribe/;%22%3E%3Cimg%20src=x%20onerror=alertdocument.domain%3E F1140524 Impact Malicious JavaScript has access to all the same objec...
Privilege escalation
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation)...
CVE-2020-12517 Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An authenticated low privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation)...
Egavilan Media Expense Management System Cross-Site Scripting Vulnerability
EGavilan Media Expense Management System is a PHP-based management system for logging overhead from EGavilan Media, USA. A cross-site scripting vulnerability exists in the EGavilan Media Expense Management System version 1.0, which can be exploited to permanently store malicious JavaScript code i...
CVE-2020-35395
CVE-2020-35395 describes a stored XSS vulnerability in the EGavilan Media Expense Management System 1.0, affecting the Add Expense Component. The underlying issue is that the attacker-supplied string in the description field can inject JavaScript, leading to persistent client-side code execution....
SAP NetWeaver AS ABAP Cross-Site Scripting Vulnerability (CNVD-2021-03703)
SAP NetWeaver AS ABAP Business Server is an application server for ABAP (Advanced Business Application Programming) from SAP, Germany. A security vulnerability exists in SAP NetWeaver AS ABAP that stems from a failure to adequately encode URLs, allowing an attacker to enter malicious JavaScript in...
WordPress EventON Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress EventON plugin version 3.0.5 and earlier...
CVE-2017-15682
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel...
Dell EMC RSA Archer Injection Vulnerability
Dell EMC RSA Archer is an enterprise IT governance and compliance product from Dell, USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. An injection vulnerability exists in Dell EMC RSA Archer versions 6.8...
CVE-2020-26884
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application...
CVE-2020-24442
Adobe Connect version 11.0 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...
CVE-2020-24443
Adobe Connect version 11.0 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...
CVE-2020-15275
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious JavaScript. This JavaScript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...
CVE-2020-24430
Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user...
Design/Logic Flaw
Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user...