Stored Cross-Site Scripting Vulnerability in "I want to submit a paper" in the background of Daimi CMS
DAMI CMS is a PC building station and cell phone building station integrated all-in-one system. A stored cross-site scripting vulnerability exists in the "I want to submit" section of the backend of Daimi CMS. An attacker can insert malicious js code into the page to obtain user cookies and other...
AjentiCP Cross-Site Scripting Vulnerability
AjentiCP is a hosting management panel. A cross-site scripting vulnerability exists in AjentiCP 1.2.23.13 and earlier versions. A remote attacker can exploit this vulnerability to execute malicious JavaScript code in a user's browser...
Cross site scripting
Symantec Web Isolation WI 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting XSS vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious...
jolokia: Cross site scripting in the HTTP servlet
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...
Qualys BrowserCheck CoinBlocker Protects Users From Active Cryptojacking Campaigns
Qualys Malware Research Labs recently released the Qualys BrowserCheck CoinBlocker Chrome Extension. We have seen enthusiastic adoption from users across the globe in the first week since its release, which has given us enough telemetry data to indicate success in protecting users from popular...
Staying Safe in the Era of Browser-based Cryptocurrency Mining
Qualys Malware Research Labs is announcing the release of Qualys BrowserCheck CoinBlocker Chrome extension to detect and block browser-based cryptocurrency mining, aka cryptojacking. Cryptojacking Cryptojacking attacks leverage the victim system’s resources via malicious JavaScript to mine certai...
CVE-2018-3747
The public node module versions <= 1.0.3 allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript...
Design/Logic Flaw
The public node module versions <= 1.0.3 allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript...
CVE-2018-3747
CVE-2018-3747 concerns the public Node.js module (versions
CVE-2018-3747
The public node module versions <= 1.0.3 allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript...
Stored Cross-Site Scripting Vulnerability in Udesk Online Counseling System
Udesk online consulting system is an industry customer service solution for businesses. A stored cross-site scripting vulnerability exists in Udesk Online Consultation System. Attackers can use the vulnerability to insert malicious js code in the page, obtain user cookies and other sensitive...
Cross-Site Scripting (XSS)
qutebrowser is vulnerable to cross-site scripting attacks. The attack exists in the history command, qute://history page, through which an attacker can inject malicious JavaScript to steal a user's browsing history when the user visits a page with an HTML input element as its title...
WordPress Ultimate Form Builder Lite Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress Ultimate Form Builder Lite plugin allows attackers to construct URLs th...
Chinese Hackers Carried Out Country-Level Watering Hole Attack
Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks. The campaign is believed to have been covertly active since fall 2017 but was spotted in March by security researchers fr...
SAP Hana DB, UI5 and UI Cross-Site Scripting Vulnerabilities
SAP Hana DB, UI5, and UI are products of SAP. SAP Hana DB is an in-memory database based on rows and columns. UI5 and UI are JavaScript-based UI libraries that integrate a large number of UI controls. A security vulnerability exists in SAP Hana DB, UI5, and UI that stems from the program's failure to validate us...
Malicious JavaScript Package Detection
Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
CVE-2018-5158
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...
Authorization
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. Thi...
CVE-2018-5176
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. Thi...
Cross site scripting
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting XSS vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...