6714 matches found
Microsoft Office Online CVE-2019-1447 Spoofing Vulnerability
Description: Microsoft Office Online is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected: Microsoft Office...
Malicious Package
sj-tw-test-security is a malicious package that downloads and runs a script that opens a reverse shell in the system...
Zyxel NBG-418N v2 Modem Cross-Site Request Forgery Vulnerability
The Zyxel NBG-418N is a broadband router. The Zyxel NBG-418N v2 Modem suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to execute arbitrary script code in the context of an affected site to steal cookie-based authentication credentials or perform...
Cross site request forgery (csrf)
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without...
CVE-2018-4031
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without...
CVE-2018-4031
CVE-2018-4031 affects CUJO Smart Firewall firmware 7003. The safe-browsing component abuses Lunatik (kernel Lua) by injecting unsanitized Host header data into a Lua statement, enabling arbitrary code execution in the kernel. Exploitation can occur via crafted HTTP/HTTPS requests containing a mal...
Cisco Industrial Network Director Cross-Site Scripting Vulnerability
Cisco Industrial Network Director (IND) is an industrial automation management system from Cisco. The system achieves automation management by visualizing the industrial Ethernet infrastructure. A cross-site scripting vulnerability exists in Cisco Industrial Network Director. An attacker could...
Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2019-40533)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...
CVE-2019-15269
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...
CVE-2019-15281 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have...
Cisco Identity Services Engine CVE-2019-12638 HTML Injection Vulnerability
Description: Cisco Identity Services Engine is prone to an HTML-injection vulnerability because it fails to properly validate user-supplied input. Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application,...
CloudCTI HIP Integrator Recognition Configuration Tool Elevation of Privilege Vulnerability
CloudCTI HIP Integrator Recognition Configuration Tool is an integrator recognition configuration tool from CloudCTI, Netherlands. A security vulnerability exists in the CloudCTI HIP Integrator Recognition Configuration Tool that originates from an elevated privilege process that can execute...
Adobe Experience Manager APSB19-48 Multiple Security Vulnerabilities
Description: Adobe Experience Manager is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to gain access to sensitive...
Intelbras Router WRN150 Cross-Site Scripting Vulnerability
The Intelbras Router WRN150 is a wireless router from Intelbras Brazil. A cross-site scripting vulnerability exists in the Intelbras Router WRN150. An attacker can exploit the vulnerability to execute arbitrary script code in the context of the affected site. This allows an attacker to steal...
keycloak: script execution via realm management policy trigger
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...
bootstrap: XSS in the affix configuration target property
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...
bootstrap: XSS in the tooltip data-viewport attribute
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...
Microsoft Dynamics 365 Cross-Site Scripting Vulnerability (CNVD-2019-35573)
Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A cross-site scripting vulnerability in Microsoft Dynamics 365 on-premises version...
SAP BusinessObjects Business Intelligence Reflective Cross-Site Scripting Vulnerability (CNVD-2019-34409)
SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence (BI) platform for enterprise users. A reflected cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2 and 4.3. The vulnerability stems from the product...