2165 matches found
Input validation
DISPUTED In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their...
CVE-2017-14522
Summary: CVE-2017-14522 affects WonderCMS 2.3.1, where input fields can accept arbitrary data and lead to execution of malicious JavaScript. Multiple sources corroborate a stored XSS risk in WonderCMS 2.3.1, with vendor dispute that this is a feature allowing only a logged-in administrator to wri...
CVE-2017-14522
In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...
711cms V1.0.5 has cross-site scripting vulnerability
711cms is the first open-source CMS for the app market, combining a PC site, a WAP site and a native app client in one, and providing a complete one-stop solution for building, operating and promoting an app market. A cross-site scripting vulnerability exists in version 711cm...
CVE-2018-5071
Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross...
Cross site scripting
Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross...
Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
Introduction: TLS (Thread Local Storage) callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and...
GHSA-7QCX-JMRC-H2RR Cross-Site Scripting in keystone
Versions of keystone prior to 4.0.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize user input on the Contact Us page, allowing attackers to submit contact forms with malicious JavaScript in the message field. The output is not properly encoded, leading an admin that open...
Cross-site Scripting (XSS)
simplesamlphp is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute a malicious JavaScript document through the URL when the URL is being redirected...
Cross site scripting
A persistent cross-site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious JavaScript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper...
Stored Cross-Site Scripting Vulnerability in PlayStation Live App
Playcaster Live App is a short video live interactive application. Playcafe Live App has a stored cross-site scripting vulnerability that allows an attacker to insert malicious js code into the page to obtain user cookies and other information...
Stored Cross-Site Scripting Vulnerability in Vienna Hotel App
Vienna Hotel App is a hotel booking software officially launched by Vienna Hotel. Vienna Hotel App has a stored cross-site scripting vulnerability that allows an attacker to insert malicious js code into a page to obtain information such as user cookies...
US Government Site Was Hosting Ransomware
As recently as Wednesday afternoon, a U.S. government website was hosting a malicious JavaScript downloader that led victims to installations of Cerber ransomware. Researcher Ankit Anubhav of NewSky Security tweeted the discovery Wednesday, and within hours, the malware link was taken down. It’s...
Adware Spreading Via Social Engineering, Facebook Messenger
Attackers have taken to Facebook Messenger with a combination of social engineering and malicious JavaScript to spread adware, something that’s likely earning them a small chunk of change in the process. David Jacoby, a senior security researcher with Kaspersky Lab’s Global Research & Analysis...
Cross-site Scripting (XSS)
spring-batch-admin is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute malicious JavaScript through the file upload function...
DOM Cross-Site Scripting Vulnerability in UFIDA U8+ Financial System
UFIDA U8+ is a fine financial software. A stored cross-site scripting vulnerability exists in the UFIDA U8+ financial system. It allows an attacker to insert malicious js code into a page to obtain user cookies and other information, leading to user hijacking...
Suspicious Credential Harvesting
Compromised websites injected with malicious JavaScript have been identified. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded, leading to credential harvesting...
CVE-2017-3948
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session...
Phone Hack Uses Sensors To Steal PINs
University researchers have created a method to steal a smartphone user’s PIN by leveraging sensor data generated by the targeted phone. Researchers say the method has a 74 percent success rate when it comes to accurately determining four-digit PIN data inputted by a phone’s owner. Researchers fr...
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract: A persistent Cross-Site Scripting (XSS) vulnerability has been found in the WordPress NewStatPress plugin. By using this...