CVE-2020-9734
The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.1 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
Cross site scripting
The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.1 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
Cross site scripting
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...
Cross site scripting
The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
ansible: dnf module install packages with no GPG signature
A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code...
Cross site scripting
A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...
The vulnerability of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server lies in the lack of protective measures for website structures, allowing attackers to execute cross-site scripting attacks.
The vulnerability of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially create...
GHSA-J7WP-VJJ6-CP5M Cross-Site Scripting in @progress/kendo-angular-editor
Kendo UI for Angular Editor Component npm package @progress/kendo-angular-editor before version 1.2.3 is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed. Adding the following content to the Editor valu...
The vulnerability in McAfee Total Protection antivirus lies in its lack of access control mechanisms, which allows attackers to escalate their privileges.
The vulnerability in McAfee Total Protection antivirus lies in its lack of access control mechanisms. Exploiting this vulnerability allows attackers to escalate their privileges by manipulating symbolic links or executing malicious scripts or programs...
All in One SEO Pack < 3.6.2 - Authenticated Stored Cross-Site Scripting
This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page. PoC "Exploit Post", "content" = "\n Test2 \n", "status"="pending"; $postdata = jsonencode$data;...
U.S. Dept Of Defense: RXSS - ████
Hello friends, today when I was checking some sites I found this bug on your own website. Details: XSS. Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web...
CVE-2019-12773
An issue was discovered in Verint Impact 360 15.1. At wfo/help/helppopup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this produc...
CVE-2020-6278
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows an attacker to embed malicious scripts in the application while uploading images, which get executed when the victim opens these files, leading to Stored Cross Site Scripting...
Keeper Threat Group Rakes in $7M from Hundreds of Compromised E-Commerce Sites
Since its launch three years ago, the Keeper threat group has compromised more than 570 e-commerce websites, from online liquor stores to Apple product resellers. And experts warn of future, increasingly sophisticated attacks against online merchants worldwide. The Keeper group, a faction of the...
CVE-2020-13642
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious JavaScript to be...