6665 matches found
Multiple QNAP Products NAS-201911-27 Multiple Security Vulnerabilities
Description Multiple QNAP products are prone to multiple security vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to gain unauthorized access to the affected device and execute arbitrary script code in the browser of an unsuspectin...
IBM Cloud Pak System CVE-2019-4098 Cross Site Scripting Vulnerability
Description IBM Cloud Pak System is prone to an cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication...
Carlo Gavazzi SmartHouse 6.5.33 XSS / Cross Site Request Forgery Vulnerabilities
Carlo Gavazzi SmartHouse version 6.5.33 suffers from cross site request forgery along with both reflective and persistent cross site scripting vulnerabilities. Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities Vendor: Carlo Gavazzi Automation S.p.A Product web page:...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager Unified CDM could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...
CVE-2019-15994 Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Industrial Network Director IND could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected application. The vulnerability is due to insufficient validati...
CVE-2019-15973 Cisco Industrial Network Director Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Industrial Network Director IND could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected application. The vulnerability is due to insufficient validati...
Skype v8.x - History Export v7 Web Vulnerability
Document Title: =============== Skype v8.x - History Export v7 Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2187 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2019/08/11/skype MSRC: VULN-007910 Release Date:...
Skype v8.x - History Export v7 Web Vulnerability
Document Title: =============== Skype v8.x - History Export v7 Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2187 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2019/08/11/skype MSRC: VULN-007910 Release Date:...
Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager Unified CDM could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability...
Moodle CVE-2019-14881 Cross Site Scripting Vulnerability
Description Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attack...
Cisco Unified Communications Manager IM and Presence XSS (cisco-sa-20191002-cuc-xss)
A cross-site scripting XSS vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session...
Cisco Unified Communications Manager XSS (cisco-sa-20191002-cuc-xss)
According to its self-reported version, Cisco Unified Communications Manager is affected by a cross-site scripting XSS vulnerability. This is due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this by convincing a user to click a specially crafted U...
Cisco Unity Connection Web Framework XSS (cisco-sa-20191002-cuc-xss)
A cross-site scripting XSS vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session...
Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities (cisco-sa-20191016-firepwr-xss)
According to its self-reported version, Cisco Firepower Management Center is affected by multiple cross-site scripting XSS vulnerabilities due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to...
Atlassian Jira 7.13.x < 7.13.3, 8.x < 8.1.1 Cross-Site Scripting Vulnerability
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is potentially affected by a cross-site scripting XSS vulnerability in the ConfigurePortalPages.jspa resource due to improper validation of user-supplied input before returning it to user...
Cisco TelePresence VCS / Expressway 12.5.x < 12.5.4 XSS
According to its self-reported version, the Cisco TelePresence Video Communication Server VCS / Expressway running on the remote host is 12.5.x prior to 12.5.4. It is, therefore, affected by a cross-site scripting XSS vulnerability due to improper validation of user-supplied input before returnin...
Cisco Finesse Appliance Multiple Cross-Site Scripting Vulnerabilities (Cisco-SA-20150818-CVE-2015-4310)
According to its self-reported version, the Cisco Finesse appliance is affected by multiple cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to...
CVE-2019-12703
A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface...