Type confusion
A vulnerability where type confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...
WordPress Download Manager Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Download Manager. An attacker can insert malicious JS code into the...
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting Exploit Title: Multiple Stored and Reflected XSS vulnerabilities in D-Link DI-524 Date: April 6, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: https://www.dlink.com Version: D-Link DI-5...
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
Exploit Title: Multiple Stored and Reflected XSS vulnerabilities in D-Link DI-524 Date: April 6, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: https://www.dlink.com Version: D-Link DI-524 - V2.06RU CVE : CVE-2019-11017 To re-create Reflect...
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Multiple Stored and Reflected XSS vulnerabilities in D-Link DI-524 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: https://www.dlink.com Version: D-Link DI-524 - V2.06RU CV...
CVE-2019-9795
A vulnerability where type confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...
Cross site scripting
An XSS vulnerability was found in html-page =2.1.1 that allows malicious JavaScript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering...
CVE-2018-16484
An XSS vulnerability was found in module m-server 1.4.2 that allows malicious JavaScript code or HTML to be executed, due to the lack of escaping for special characters in folder names...
Bose Soundtouch 18.1.4 Cross Site Scripting
CWE-80 XSS Bose Soundtouch App. Internal reference: -. Vulnerability type: Cross-Site Scripting (CWE-80). Vulnerable version: 18.1.4 (and maybe older versions too, not tested). Vulnerable component: iOS frontend of the application. Report confidence: Unconfirmed. Solution status: Could be fixed by vendor?...
Soundtouch App Cross-Site Scripting Vulnerability
Soundtouch App is a mobile setup software for music speakers. A cross-site scripting vulnerability exists in Soundtouch App. An attacker can exploit the vulnerability to execute malicious JavaScript code in the user context...
jolokia: Cross site scripting in the HTTP servlet
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious JavaScript in the victim's browser...
Headless Chrome: DevOps Love It, So Do Hackers, Here’s Why
Google Chrome is the most popular web browser and has been so for almost a decade. Each new version of Chrome brings new usability, security and performance features. This article focuses on the “headless mode” feature that Google released more than a year ago and that, since day one, has become very...
CVE-2018-12241
The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks ...
SAP Fiori Client Code Execution Vulnerability
SAP Fiori Client is a client program from SAP Germany for running the SAP Fiori Launchpad on mobile devices. A code execution vulnerability exists in SAP Fiori Client that can be exploited by an attacker to execute malicious JavaScript code in an embedded log reader...
CVE-2018-2491
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code, it can eventually run inside the built-in log viewer of the application if the user opens the viewer and taps on the...
Design/Logic Flaw
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code, it can eventually run inside the built-in log viewer of the application if the user opens the viewer and taps on the...
Reflected XSS in Firefox in check endpoint
When passing an invalid check name as parameter to the endpoint where the easymon routes are mounted, a 406 response with a body that contains the invalid check name unescaped is returned. Malicious JavaScript can be injected into that invalid name and have it executed in Firefox...
Cross-Site Scripting
Overview: Versions of exceljs before 1.6.0 are vulnerable to cross-site scripting. The vulnerability exists because exceljs does not validate data from a parsed XLSX file and allows HTML tags, like , to be embedded directly in the sheet cells. Because of this it's possible to inject malicious JavaScript code...
XSS vulnerability in free version of S-CMS hospital website builder system
S-CMS hospital station building system is developed with ASP and Access/MSSQL, is easy and convenient to operate, and supports PC, mobile and WeChat. There is a cross-site scripting vulnerability in S-CMS hospital website builder system. An attacker can insert malicious JS code into the page to obtain user cookies and...