6714 matches found

CNVD
added 2020/01/10 12:00 a.m. | 4 views

Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability (CNVD-2020-02286)

Cisco Data Center Analytics Framework (DCAF) is a set of data center analytics frameworks from the U.S. company Cisco. A cross-site scripting vulnerability exists in the web management interface in Cisco Data Center Analytics Framework releases prior to 8.3.7.5.4, which stems from...

CVSS 6.1 | AI score 6.6 | EPSS 0.00801
Exploits: 0 | References: 1

BDU FSTEC
added 2020/01/08 12:00 a.m. | 2 views

The vulnerability of the filemanager2.php component of the CentOS Web Panel management application allows a hacker to execute arbitrary HTML code or JavaScript scripts.

The vulnerability of the filemanager2.php component of the CentOS Web Panel management application relates to the lack of measures for sanitizing input data. Exploiting this vulnerability could allow an attacker to execute arbitrary HTML code or JavaScript scripts...

CVSS 4.6 | AI score 5.9 | EPSS 0.00478
Exploits: 2 | References: 5 | Affected Software: 1

OSV
added 2019/12/26 4:15 p.m. | 2 views

CVE-2019-6034

a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors...

CVSS 6.1 | AI score 6.4 | EPSS 0.00655
Exploits: 0 | References: 2

Japan Vulnerability Notes
added 2019/12/20 12:00 a.m. | 120 views

JVN#10377257: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.

Reflected cross-site scripting (CWE-79) - CVE-2019-6033

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3

...

CVSS 6.1 | AI score 6.7 | EPSS 0.00781
Exploits: 0

CNVD
added 2019/12/19 12:00 a.m. | 2 views

Backdrop CMS Cross-Site Scripting Vulnerability (CNVD-2020-03710)

Backdrop CMS is a simple, open source, easy-to-use lightweight content management system for building attractive, professional websites. A cross-site scripting vulnerability exists in Backdrop CMS. The vulnerability stems from Backdrop CMS failing to adequately filter output when displaying...

CVSS 4.8 | AI score 6.4 | EPSS 0.00552
Exploits: 0 | References: 1

OSV
added 2019/12/18 6:15 p.m. | 2 views

DEBIAN-CVE-2019-8503

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website...

CVSS 8.8 | AI score 7.5 | EPSS 0.0178
Exploits: 0 | References: 1

UbuntuCve
added 2019/12/18 6:15 p.m. | 19 views

CVE-2019-8503

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website...

CVSS 9.3 | AI score 7.1 | EPSS 0.0178
Exploits: 0 | References: 2

Prion
added 2019/12/18 6:15 p.m. | 12 views

Input validation

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website...

CVSS 9.3 | AI score 7.6 | EPSS 0.0178
Exploits: 0 | References: 5 | Affected Software: 5

OSV
added 2019/12/18 6:15 p.m. | 6 views

UBUNTU-CVE-2019-8503

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website...

CVSS 8.8 | AI score 7.3 | EPSS 0.0178
Exploits: 0 | References: 3

Debian CVE
added 2019/12/18 5:33 p.m. | 22 views

CVE-2019-8503

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website...

CVSS 9.3 | AI score 6.5 | EPSS 0.0178
Exploits: 0

Cvelist
added 2019/12/18 5:33 p.m. | 16 views

CVE-2019-8503

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website...

AI score 7.8 | EPSS 0.0178
Exploits: 0 | References: 5

Symantec
added 2019/12/18 12:00 a.m. | 27 views

PHP PEAR 'Archive_Tar' Multiple Security Vulnerabilities

Description: PEAR ArchiveTar is prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application, obtain sensitive information, bypass certain security restrictions and perform unauthorized actions. PEAR ArchiveTar version...

AI score 0.1
Exploits: 0 | References: 2 | Affected Software: 2

Japan Vulnerability Notes
added 2019/12/12 5:55 a.m. | 2 views

Multiple vulnerabilities in "Custom Body Class"

Overview: WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below.

Cross-site Scripting (CWE-79) - CVE-2019-6029
Cross-site Request Forgery (CWE-352) - CVE-2019-6030

Shirai Masatake of Cryptography Laboratory, Department of Information and Communicati...

CVSS 8.8 | AI score 6.7 | EPSS 0.00937
Exploits: 0 | References: 8

Japan Vulnerability Notes
added 2019/12/12 12:00 a.m. | 76 views

JVN#26847507: Multiple vulnerabilities in "Custom Body Class"

WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below.

Cross-site Scripting (CWE-79) - CVE-2019-6029

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | ...

CVSS 8.8 | AI score 7.5 | EPSS 0.00937
Exploits: 0

CNVD
added 2019/12/11 12:00 a.m. | 2 views

Kinza Cross-Site Scripting Vulnerability

KINZA is a web browser. A cross-site scripting vulnerability exists in KINZA version 5.9.2 and earlier on Windows platforms and version 5.0.0 and earlier on Mac platforms. An attacker can exploit this vulnerability to execute arbitrary script on a user's web browser...

CVSS 6.1 | AI score 6.6 | EPSS 0.00781
Exploits: 0 | References: 1

Positive Technologies
added 2019/12/05 12:00 a.m. | 3 views

PT-2019-18459 · Synology · Video Station

Name of the Vulnerable Software and Affected Versions: Video Station versions prior to the latest version

Description: This issue allows remote attackers to inject and execute scripts on the administrator’s management console through a cross-site scripting (XSS) vulnerability in Video Station...

CVSS 4.8 | AI score 5.7 | EPSS 0.01456
Exploits: 0 | References: 2

Prion
added 2019/11/26 2:15 a.m. | 20 views

Cross site scripting

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DO...

CVSS 3.5 | AI score 6.5 | EPSS 0.01053
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2019/11/15 5:15 a.m. | 27 views

CVE-2019-18982

bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header...

CVSS 6.1 | AI score 6.3 | EPSS 0.01088
Exploits: 0 | References: 2

CVE
added 2019/11/15 4:22 a.m. | 175 views

CVE-2019-18982

CVE-2019-18982 affects Pimcore prior to version 6.3.0, where the file bundles/AdminBundle/Controller/Admin/EmailController.php in the Email Log preview window can execute scripts due to a missing Content-Security-Policy header. The vulnerability is documented across multiple sources (NVD entry, R...

CVSS 6.1 | AI score 6.2 | EPSS 0.01088
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/11/15 4:22 a.m. | 35 views

CVE-2019-18982

bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header...

AI score 6.3 | EPSS 0.01088
Exploits: 0 | References: 2