7647 matches found
CVE-2019-8946
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS...
CVE-2019-6784
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS issue 1 of 2. Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS...
CVE-2019-11643
Persistent XSS has been found in the OneShield Policy Dragon Core framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to the applicable data store. This can be exploited remotely by both authenticated...
CVE-2019-19541
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page...
CVE-2019-8945
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS...
CVE-2019-15313
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability...
CVE-2019-13493
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript...
CVE-2019-19542
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page...
CVE-2018-19919
Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php datatitle parameter, as demonstrated by a crafted onload attribute of an SVG element...
CVE-2018-16243
SolarWinds Database Performance Analyzer DPA 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen...
CVE-2019-9725
The Web manager aka Commander on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting...
CVE-2015-9257
BMC Remedy Action Request AR System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS...
CVE-2018-16623
Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown...
CVE-2019-13633
Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for...
Malicious code in icloud-sod (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 528df6a9814a12abf16c70b3d096b10babfdae854b8a9952ab8ad5b69790a077 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2018-7277
An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...
CVE-2017-15304
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...
CVE-2010-5340
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0...
CVE-2019-18210
Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users Teacher and above to inject JavaScript into the session of another user e.g., enrolled student or site administrator via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...
CVE-2019-14913
An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel...