Cross site scripting
ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher...
CVE-2020-11629
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...
Design/Logic Flaw
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...
PrimeKey Solutions EJBCA Code Issue Vulnerability (CNVD-2020-22248)
PrimeKey Solutions EJBCA is a software PKI certificate authority package from PrimeKey Solutions, Sweden. A security vulnerability exists in PrimeKey Solutions EJBCA versions prior to 6.15.2.6 and 7.x versions prior to 7.3.1.2. An attacker could exploit the vulnerability to upload malicious scrip...
115CMS suffers from XSS vulnerability
115CMS is a content management system developed with ThinkPHP framework. 115CMS suffers from an XSS vulnerability that can be exploited by attackers to execute malicious scripts and obtain administrator cookies...
Cross-site Scripting (XSS)
sockjs is vulnerable to cross-site scripting (XSS). The attack exists because it does not sanitize the callback parameter in lib/transport/htmlfile.js for non-alphanumeric symbols, allowing an attacker to inject malicious scripts...
CVE-2020-5844
index.php?sec=godmode/extensions&sec2=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...
SAP Fiori Cross-Site Scripting Vulnerability
SAP Fiori is a content management system. A cross-site scripting vulnerability exists in SAP Fiori, which can be exploited by an attacker to execute malicious scripts...
Cross-Site Scripting (XSS)
@instructure/ui-elements is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to lack of proper truncation of texts in argument Text in 'Truncator.js', allowing an attacker to inject malicious scripts...
DotNetNuke 9.5 - Persistent Cross-Site Scripting
Exploit Title: DotNetNuke 9.5 - Persistent Cross-Site Scripting Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link: https://github.com/dnnsoftware/Dnn.Platform/releases/download/v9.5.0/DNNPlatform9.5.0Install.zip Version: . For instance, uploadi...
CVE-2020-6193
SAP NetWeaver Knowledge Management ICE Service, versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts, leading to a Reflected Cross-Site Scripting (XSS) vulnerability...
XSS Vulnerability in Tuan Ah VIP Movie System
Tuan Ah VIP Movie System is a lightweight and intelligent video CMS management system. An XSS vulnerability exists in Tuan Ah VIP Movie System, which can be exploited by attackers to execute malicious scripts...
CVE-2020-3925
A Remote Code Execution (RCE) vulnerability exists in some designated applications in the ServiSign security plugin. As long as the interface is captured, attackers are able to launch RCE and execute arbitrary commands on the target system via maliciously crafted scripts...
CVE-2020-1933
An XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to cross-site scripting (XSS). The attack is possible because it does not escape the message and moreinfourl parameters in outputrenderers.php, allowing an attacker to inject malicious scripts and thereby causing the payload to be rendered and executed when the error...
Design/Logic Flaw
A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit...
CVE-2018-7859
A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit...
Debian: Security Advisory (DLA-1960-1)
The remote host is missing an update for the Debian...