2165 matches found

Prion
added 2019/08/02 10:15 p.m. | 18 views

Cross site scripting

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

CVSS 3.5 | AI score 4.7 | EPSS 0.00092
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2019/08/02 10:15 p.m. | 9 views

Cross site scripting

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript...

CVSS 3.5 | AI score 4.6 | EPSS 0.00092
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2019/08/02 10:15 p.m. | 13 views

Cross site scripting

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

CVSS 3.5 | AI score 4.7 | EPSS 0.00092
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2019/08/02 10:15 p.m. | 11 views

Cross site scripting

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

CVSS 3.5 | AI score 4.7 | EPSS 0.0008
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/08/02 9:31 p.m. | 14 views

CVE-2019-7934

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

AI score 5 | EPSS 0.00092
Exploits: 0 | References: 1

CNVD
added 2019/08/01 12:0 a.m. | 2 views

Stored Cross-Site Scripting Vulnerability in Morphology Digital Lab Teaching Platform Frontend

Morphology digital experimental teaching platform is a virtual reality system built around computer virtual reality and digital simulation technology, supported by a biosimulation engine, a processing factor database, a virtual environment interface and other technologies. Morphology digital...

AI score 6.4
Exploits: 0

Prion
added 2019/07/18 3:15 a.m. | 14 views

Cross site scripting

Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on...

CVSS 4.3 | AI score 6.1 | EPSS 0.00249
Exploits: 1 | References: 2 | Affected Software: 1

Hacker One
added 2019/07/17 9:26 p.m. | 12 views

U.S. Dept Of Defense: [█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action

I will combine this vulnerability with this vulnerability described in this report 648222. If you have not read this report, I recommend reading that report first, and then studying this report. I want to note that this report cannot be closed as a duplicate to the above described report. why?...

Exploits: 0

WPVulnDB
added 2019/07/09 12:0 a.m. | 21 views

Appointment Hour Booking <= 1.1.45 - Stored Cross-Site Scripting (XSS)

It is possible for an unauthenticated user to inject malicious JavaScript into a booking form, which will then be executed when an authenticated user views the booking in the WordPress admin interface. PoC POST /booking-form/ HTTP/1.1 Host: test.local User-Agent: Mozilla/5.0 Macintosh; Intel Mac ...

CVSS 4.3 | AI score 6.2 | EPSS 0.0026
Exploits: 2 | References: 3 | Affected Software: 1

CNVD
added 2019/06/24 12:0 a.m. | 2 views

Cloudera Manager Redirection Vulnerability

Cloudera Manager is a suite of Hadoop data management software from Cloudera. The software supports creating clusters, authentication, data backup and recovery, and more. A security vulnerability exists in Cloudera Manager versions 5.x through 5.15.0 that stems from the program failing to check t...

CVSS 6.1 | AI score 6.9 | EPSS 0.00262
Exploits: 0 | References: 1

CNVD
added 2019/06/18 12:0 a.m. | 2 views

Stored Cross-Site Scripting Vulnerability in Home Portal System

Home Portal System is a PHP source-code system for building decoration websites for the home furnishing industry. A stored cross-site scripting vulnerability exists in the Home Portal System. An attacker can insert malicious JS code into the page to obtain user cookies and other information,...

AI score 6.3
Exploits: 0

NVD
added 2019/06/07 3:29 p.m. | 8 views

CVE-2019-8283

Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it...

CVSS 6.5 | AI score 6.4 | EPSS 0.00296
Exploits: 0 | References: 1

Cvelist
added 2019/06/07 2:18 p.m. | 10 views

CVE-2019-8283

Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it...

AI score 6.4 | EPSS 0.00296
Exploits: 0 | References: 1

Prion
added 2019/05/08 4:29 p.m. | 9 views

Design/Logic Flaw

Persistent XSS has been found in the OneShield Policy Dragon Core framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to the applicable data store. This can be exploited remotely by both authenticated...

CVSS 4.3 | AI score 6 | EPSS 0.0088
Exploits: 0 | References: 2 | Affected Software: 1

The Hacker News
added 2019/05/08 3:34 p.m. | 2 views

Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites

Researchers from Chinese cybersecurity firm Qihoo 360's NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites. While monitoring a malicious domain, www.magento-analytics.c...

AI score 7
Exploits: 0

The Hacker News
added 2019/05/08 3:34 p.m. | 72 views

Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites

Researchers from Chinese cybersecurity firm Qihoo 360's NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites. While monitoring a malicious domain,...

AI score 0.1
Exploits: 0

Veracode
added 2019/05/02 5:18 a.m. | 19 views

Information Disclosure

firefox/thunderbird is vulnerable to authorization bypass. A remote attacker is able to discover a redirect's target URL using malicious Javascript code that executes after a drag-and-drop action of an image into a TEXTBOX element...

CVSS 4.3 | AI score 9.1 | EPSS 0.00436
Exploits: 0 | References: 23 | Affected Software: 2

Veracode
added 2019/05/02 4:41 a.m. | 30 views

Arbitrary Code Execution

firefox/thunderbird is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary code via malicious Javascript code due to improper processing of data types in jsinfer.cpp...

CVSS 9.3 | AI score 9.6 | EPSS 0.03612
Exploits: 0 | References: 11 | Affected Software: 3

CNVD
added 2019/04/29 12:0 a.m. | 2 views

Stored cross-site scripting vulnerability in the cr***_sh***.php file of the TreeHole outbound link system

Treehole external link system is a free and open source PHP external link network disk system. A stored cross-site scripting vulnerability exists in the crsh.php file of TreeHole Outbound System. Attackers can insert malicious js code in the page to obtain user cookies and other information,...

AI score 6.3
Exploits: 0

OSV
added 2019/04/26 5:29 p.m. | 4 views

CVE-2019-9795

A vulnerability where type-confusion in the IonMonkey just-in-time JIT compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

CVSS 9.8 | AI score 9
Exploits: 0 | References: 6