7649 matches found
CVE-2019-11812
A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link...
CVE-2019-11814
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot...
CVE-2019-11813
An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links...
CVE-2019-11813
CVE-2019-11813 applies to MISP before 2.4.107, affecting the view component app/View/Elements/Events/View/value_field.ctp. The issue is a persistent XSS via link type attributes using javascript:// links, enabling potentially scripted payloads in affected installations. Root cause is improper han...
CVE-2019-11812
CVE-2019-11812 is a persistent XSS in MISP prior to 2.4.107. The vulnerability is in the PHP component app/View/Helper/CommandHelper.php, where JavaScript can be injected via the discussion interface and triggered by clicking a link. Affected product/version: MISP (before 2.4.107). Root cause is ...
Spoofable UI
Firefox is vulnerable to spoofable UI. The vulnerability exists because it was possible to spoof the address bar via a SELECT element with a persistent menu...
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget) Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Add/Edit Widget Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Vendor Homepage: https://www.veeam.com/ Software Link:...
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting
Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Stored XSS Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com/ Software Link: https://www.veeam.com/virtual-server-management-one-free.html...
Mozilla Firefox Input Validation Error Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An input validation error vulnerability exists in versions of Mozilla Firefox prior to 64, which arises from a network system or product that does not properly validate incoming data. An attacker could...
CVE-2019-9809
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This...
UBUNTU-CVE-2018-18510
The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerabilit...
Design/Logic Flaw
The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerabilit...
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version:...
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting
Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE: CVE-2019-0186 References:...
Cross site scripting
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS...
CVE-2018-18643
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS...