7650 matches found
CVE-2019-8947
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS...
CVE-2019-11318
Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS...
CVE-2019-11318
Zimbra Collaboration Server (before 8.8.12 Patch 1) is affected by a persistent cross-site scripting (XSS) vulnerability in the web application. The provided documents specify the issue as a persistent XSS but do not detail the vulnerable component, root-cause, exploit method, or affected version...
CVE-2019-12427
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console...
CVE-2019-12427
CVE-2019-12427 affects Zimbra Collaboration before 8.8.15 Patch 1, with a non-persistent XSS vulnerability in the Admin Console. The connected Red Hat/OSV/CVE entries corroborate the same description. No remediation/versioned mitigation details are provided in the documents.
CVE-2019-15313
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability...
WordPress CarSpot premium theme <= 2.2.2 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability (registration form & user profile)
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress CarSpot premium theme versions <= 2.2.2. Solution: Update the WordPress CarSpot premium theme to the latest available version (at least 2.2.3)...
CarSpot < 2.2.3 - Multiple Vulnerabilities
Multiple vulnerabilities were discovered in the 'CarSpot – Dealership Wordpress Classified Theme', tested version v2.2.0: - Authenticated Persistent XSS - Registration Form/User Profile - Authenticated Persistent XSS - Ad Post - IDOR leading to arbitrary deletion of ads Edit WPScanTeam: January...
CVE-2012-6613
D-Link DSR-250N devices with firmware 1.05B73WW allow Persistent Root Access because of the admin password for the admin account...
Design/Logic Flaw
D-Link DSR-250N devices with firmware 1.05B73WW allow Persistent Root Access because of the admin password for the admin account...
CVE-2012-6613
D-Link DSR-250N devices with firmware 1.05B73WW allow Persistent Root Access because of the admin password for the admin account...
GHSA-GP2M-7CFP-H6GF Incorrect persistent NameID generation in SimpleSAMLphp
Background: When a SimpleSAMLphp Identity Provider is misconfigured, a bug in the software when trying to build a persistent NameID to univocally identify the authenticating subject could cause different users to get the same identifier generated, depending on the attributes available for them rig...
CVE-2020-5223
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin...
Cross site scripting
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin...
CVE-2020-5223
CVE-2020-5223 affects PrivateBin: 1.2.0 before 1.2.2 and 1.3.0 before 1.3.2. The root cause is an unescaped user-provided attachment filename that can inject HTML, enabling a persistent XSS when a paste is viewed (e.g., via cloning). The issue has been fixed in PrivateBin v1.3.2 and v1.2.2. Upgra...
CVE-2020-5223 Persistent XSS vulnerability in filename of attached file in PrivateBin
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin...
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2018-1365)
The remote host is missing an update for the Huawei EulerOS...
Debian DLA-2070-1 : ruby-excon security update
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. For Debian 8 'Jessie'...
Adive Framework 2.0.8 Cross Site Scripting
Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link: https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on: windows64bit / mozilla firefo...
Debian: Security Advisory (DLA-2070-1)
The remote host is missing an update for the Debian...