GHSA-FW5Q-J9P4-3VXG Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Components are: Blog comment posting Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...

Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Components are: Blog comment posting Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...

Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Remote Code Execution RCE. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit template. Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches :...

CVE-2020-6876

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...

WordPress Plugin Colorbox Lightbox Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in the WordPress plugin Colorbox Lightbox. An...

Cisco Firepower Management Center (FMC) Cross-Site Scripting Vulnerability

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A security vulnerability exists in Cisco Firepower Management Center FMC that stems from the web-based management interface failing to adequately validate user-supplied input. An attacker...

Cisco Firepower Management Center (FMC) Cross-Site Scripting Vulnerability

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. Cisco Firepower Management Center FMC suffers from a cross-site scripting vulnerability that arises from the web-based management interface not adequately validating user-supplied input. A...

Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"

Overview WordPress Plugin "Simple Download Monitor" provided by Tips and Tricks HQ contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5650 SQL Injection CWE-89 - CVE-2020-5651 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the...

Vulnerability fixed in JIRA

Atlassian has fixed a vulnerability in JIRA. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Atlassian has released updates to fi...

CVE-2020-3589 Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the...

Vulnerability fixed in IBM Security Access Manager

IBM has fixed a vulnerability in IBM Security Access Manager. A malicious party could exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. IBM has released updates ...

Cisco IOS XE Software Command Injection Vulnerability (cisco-sa-iosxe-cmdinj-2MzhjM6K)

According to its self-reported version, Cisco IOS XE Software is affected by a command injection vulnerability. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

CVE-2020-24594

Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...

CVE-2019-15959 Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit...

CVE-2019-15959 Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit...

Design/Logic Flaw

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim...

Microsoft Office SharePoint XSS Vulnerability

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

PT-2020-4023 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: A cross-site-scripting XSS issue exists due to improper sanitization of specially crafted web requests. An attacker could exploit this by sending a crafted request,...

CVE-2020-24559

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as roo...