2165 matches found

CNVD
added 2020/10/22 12:0 a.m. · 3 views

lightning-server cross-site scripting vulnerability

lightning-server is an npm library from an individual developer for data visualization applications. The library provides API-based access to reproducible Web-based interactive visualizations. A security vulnerability exists in all versions of lightning-server, which can be exploited by an attacker to inje...

CVSS 6.3 · AI score 7 · EPSS 0.00437
Exploits 1 · References 1
Prion
added 2020/10/20 10:15 p.m. · 12 views

Cross site scripting

Marketo Sales Insight plugin version 1.4355 and earlier is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to...

CVSS 4.3 · AI score 6.4 · EPSS 0.01783
Exploits 0 · References 1 · Affected Software 1
OSV
added 2020/10/20 3:15 p.m. · 0 views

CVE-2020-16246

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site...

CVSS 6.1 · AI score 5.4 · EPSS 0.00188
Exploits 0 · References 1
OSV
added 2020/10/20 11:15 a.m. · 0 views

CVE-2020-7747

This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller...

CVSS 6.3 · AI score 6.6 · EPSS 0.00437
Exploits 1 · References 3
NVD
added 2020/10/16 3:15 p.m. · 16 views

CVE-2020-24408

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This...

CVSS 6.1 · EPSS 0.01321
Exploits 0 · References 1
CNVD
added 2020/10/12 12:0 a.m. · 8 views

phpMyAdmin cross-site scripting vulnerability (CNVD-2021-45285)

phpMyAdmin is an open source, Web-based management tool for MySQL and MariaDB, written in PHP. A cross-site scripting vulnerability exists in the conversion function in phpMyAdmin. An attacker can exploit this vulnerability to execute malicious JavaScript via a specially crafted link...

CVSS 6.1 · AI score 5.9 · EPSS 0.02788
Exploits 0 · References 1
OpenVAS
added 2020/09/29 12:0 a.m. · 12 views

PrestaShop 1.5.0.0 < 1.7.6.8 XSS Vulnerability

PrestaShop is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...

CVSS 5.4 · AI score 6 · EPSS 0.00249
Exploits 1 · References 1
CNVD
added 2020/09/27 12:0 a.m. · 2 views

Observium Cross-Site Scripting Vulnerability

Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject and store malicious JavaScript code via...

CVSS 6.1 · AI score 6.5 · EPSS 0.0024
Exploits 1 · References 1
CNVD
added 2020/09/27 12:0 a.m. · 2 views

Observium cross-site scripting vulnerability (CNVD-2020-62447)

Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. A cross-site scripting vulnerability exists in pages/contacts.inc.php in Observium. An attacker can exploit this vulnerability to inject and store...

CVSS 6.1 · AI score 6.3 · EPSS 0.00359
Exploits 0 · References 1
Cvelist
added 2020/09/24 10:15 p.m. · 13 views

CVE-2020-15162 Stored XSS in PrestaShop

In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8...

CVSS 5.4 · AI score 5.2 · EPSS 0.00249
Exploits 1 · References 3
Positive Technologies
added 2020/09/08 12:0 a.m. · 1 views

PT-2020-3926 · Microsoft · Windows +1

Name of the Vulnerable Software and Affected Versions: Microsoft Component Object Model (COM) (affected versions not specified). Description: The issue is related to errors in processing input data in the Microsoft Component Object Model (COM) component of Windows operating systems. It allows a remote...

CVSS 10 · AI score 8.6 · EPSS 0.1773
Exploits 0 · References 6
CNVD
added 2020/09/08 12:0 a.m. · 1 views

WordPress Click To Top Plugin Stored Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A stored cross-site scripting vulnerability exists in the WordPress Click To Top plugin. An...

AI score 6.2
Exploits 0 · References 1
OSV
added 2020/09/02 3:53 p.m. · 12 views

GHSA-C7PP-X73H-4M2V Cross-Site Scripting in bootstrap-vue

Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser...

AI score 6.6
Exploits 0 · References 5
Github Security Blog
added 2020/09/02 3:53 p.m. · 23 views

Cross-Site Scripting in bootstrap-vue

Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser...

AI score 4.6
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2020/08/26 1:57 a.m. · 8 views

Cross-Site Scripting (XSS)

highcharts is vulnerable to cross-site scripting (XSS). The lack of sanitization of href values and of any restriction on URL schemes allows an attacker to inject malicious JavaScript that is executed when a user visits the page...

AI score 1.8
Exploits 0
NVD
added 2020/08/20 1:15 p.m. · 6 views

CVE-2019-20152

An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...

CVSS 6.1 · AI score 6 · EPSS 0.0024
Exploits 1 · References 1
Prion
added 2020/08/20 1:15 p.m. · 12 views

Cross site scripting

An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...

CVSS 4.3 · AI score 5.9 · EPSS 0.0024
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2020/08/20 12:37 p.m. · 14 views

CVE-2019-20152

An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...

AI score 6 · EPSS 0.0024
Exploits 1 · References 1
RedHat Linux
added 2020/07/21 2:34 p.m. · 1 views

Mozilla: Information disclosure due to manipulated URL object

The Mozilla Foundation Security Advisory describes this flaw as: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript...

CVSS 6.5 · AI score 7.3 · EPSS 0.00878
Exploits 0 · References 5
RedHat Linux
added 2020/07/16 7:42 a.m. · 2 views

Mozilla: Information disclosure due to manipulated URL object

The Mozilla Foundation Security Advisory describes this flaw as: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript...

CVSS 6.5 · AI score 7.3 · EPSS 0.00878
Exploits 0 · References 5