CVE-2019-5471

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6...

CVE-2019-19393

The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.002 to V3.15.704 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content such as JavaScript or other client-side scripts as the...

CVE-2019-19642

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...

CVE-2019-8702

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier...

CVE-2019-8947

Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS...

CVE-2019-8946

Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS...

CVE-2019-6784

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS issue 1 of 2. Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS...

CVE-2019-11643

Persistent XSS has been found in the OneShield Policy Dragon Core framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to the applicable data store. This can be exploited remotely by both authenticated...

CVE-2019-19541

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page...

CVE-2019-8945

Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS...

CVE-2019-15313

In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability...

CVE-2019-13493

In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript...

CVE-2019-19542

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page...

CVE-2018-19919

Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php datatitle parameter, as demonstrated by a crafted onload attribute of an SVG element...

CVE-2018-16243

SolarWinds Database Performance Analyzer DPA 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen...

CVE-2019-9725

The Web manager aka Commander on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting...

CVE-2015-9257

BMC Remedy Action Request AR System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS...

CVE-2018-16623

Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown...

CVE-2019-13633

Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for...

Malicious code in icloud-sod (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 528df6a9814a12abf16c70b3d096b10babfdae854b8a9952ab8ad5b69790a077 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...