CVE-2020-13311
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface...
CVE-2020-13311
Removed by vendor...
CVE-2020-13311
CVE-2020-13311 affects GitLab versions prior to 13.1.10, 13.2.8, and 13.3.4, where the Wiki parser can be attacked, preventing access to Wiki functionality via the UI. The issue is defined as a Wiki parser attack that blocks UI access, with reported CVSS metrics (v2: 4.0 MEDIUM; v3.1: 4.3 MEDIUM)...
IBM Engineering Requirements Management DOORS Next Cross-Site Scripting Vulnerability
IBM Engineering Requirements Management DOORS Next is a scalable solution that helps optimize communication and collaboration among teams and project stakeholders to maximize productivity and quality. A cross-site scripting vulnerability exists in the IBM Engineering Requirements Management DOORS...
IBM Jazz Team Server Web UI Cross-Site Scripting Vulnerability
IBM Jazz is a next-generation collaboration platform for software delivery technology from IBM Rational. A cross-site scripting vulnerability exists in the IBM Jazz Team Server Web UI, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain...
GNOME Shell: Information disclosure
Background: GNOME Shell provides core user interface functions for the GNOME 3 desktop, like switching to windows and launching applications. Description: It was discovered that GNOME Shell incorrectly handled the login screen password dialog. Impact: Please review the referenced CVE identifiers for...
CVE-2020-4578
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
CVE-2020-24582
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface...
Cross site scripting
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface...
CVE-2020-24582
Zulip Desktop prior to version 5.4.3 is affected by a cross-site scripting (XSS) vulnerability. The issue arises from mishandled string escaping during the construction of the HTML for the user interface, enabling injection of malicious content in the desktop client. The CVE entry covers this as ...
CVE-2020-6326
SAP NetWeaver Knowledge Management, versions 7.30, 7.31, 7.40, 7.50, allows an authenticated attacker to create malicious links in the UI which, when clicked by a victim, will execute arbitrary JavaScript, thus extracting or modifying information otherwise restricted, leading to Stored Cross Site Scripting...
KLA11953 Multiple vulnerabilities in Microsoft Dynamics
Multiple vulnerabilities were found in Microsoft Dynamics 365. Malicious users can exploit these vulnerabilities to spoof the user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 On-Premise can be...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2020-50801)
IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server version 11.7, which can be...
IBM Engineering Test Management Cross-Site Scripting Vulnerability
IBM Engineering Test Management is a collaborative, Web-based quality management solution that provides end-to-end test planning and test asset management. A cross-site scripting vulnerability exists in IBM Engineering Test Management version 7.0.0. An attacker can exploit this vulnerability to...
CVE-2020-4702
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Cisco Jabber for Windows Protocol Handler Command Injection (cisco-sa-jabber-vY8M4KGB)
According to its self-reported version, Cisco Jabber for Windows is affected by a Windows Protocol Handler Command Injection vulnerability. The vulnerability exists in the web-based user interface due to improper handling of input to the application protocol handlers. An unauthenticated, remote...
CVE-2020-4546
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314...
IBM Engineering Requirements Management DOORS Next Generation Cross-Site Scripting Vulnerability
IBM Engineering Requirements Management DOORS Next Generation is a requirements management tool that provides a smarter way to define, track, analyze and manage requirements. A cross-site scripting vulnerability exists in IBM Engineering Requirements Management DOORS Next Generation version 7.0,...